MESSAGE
DATE | 2003-04-07
FROM | Ruben I Safir
SUBJECT | Re: [hangout] OpenBSD - U.S. military helps fund Calgary hacker
This is sort of strange considering that OpenSSH is constantly riddled with holes.
Ruben
On 2003.04.07 08:14 "Inker, Evan" wrote:
>
> POSTED AT 8:51 PM EDT Sunday, April 6
>
> U.S. military helps fund Calgary hacker
>
> By DAVID AKIN
> From Monday's Globe and Mail
>
> The U.S. military believes the work of a Calgary hacker may be its best bet to protect its computer networks from so-called cyber-terrorist attacks. And although Theo de Raadt is happy to have more than $2-million (U.S.) in research support from the U.S. military's research and development office, the source of that funding has made him more than a little uneasy.
>
> "I actually am fairly uncomfortable about it, even if our firm stipulation was that they cannot tell us what to do. We are simply doing what we do anyways - securing software - and they have no say in the matter," Mr. de Raadt said in a recent e-mail exchange. "I try to convince myself that our grant means a half of a cruise missile doesn't get built."
>
> The grant comes from the U.S. Defense Advanced Research Projects Agency (DARPA), the R&D arm of the U.S. military, whose most widely known invention would be the Internet. For this grant, DARPA is interested in testing the security of commercial software systems against the security of open source software projects.
>
> Mr. de Raadt leads development of an open source project called OpenBSD. It is a computer operating system, used most often to power the large server computers that run corporate networks or Web sites. OpenBSD, a derivative of the Unix operating system, is widely considered by computer experts to be the most resistant to unauthorized use.
>
> "We were convinced OpenBSD was the best platform to use as a basis for further securing open source," said Jonathan Smith, a professor of computer and information science at the University of Pennsylvania.
>
> Because DARPA does not directly fund projects outside the United States, it is Mr. Smith's computer science department that received the grant, although most of the money - $2.3-million - flows through to Mr. de Raadt's project.
>
> Although Microsoft Corp., whose Windows products are the world's dominant operating system products, and many other commercial software vendors are paying new attention to the security of their products, that renewed interest has done little to improve their products so far, Mr. de Raadt said.
>
> "Low code quality keeps haunting our entire industry. That, and sloppy programmers who don't understand the frameworks they work within. They're like plumbers high on glue," Mr. de Raadt said.
>
> Microsoft, for example, has issued 68 security bulletins or alerts for its products in the past year, better than one a week. OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years. OpenBSD has been created largely through the work of volunteers over its seven-year existence.
>
> The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers. And although he's happy about the extra support for the project, he's nervous that critics may get the idea he's working for the U.S. military.
>
> "We're not doing anything for them. They just fund us to do what we do," said Mr. de Raadt, a 35-year-old graduate of the University of Calgary's computer science program. Mr. de Raadt is no fan of the U.S. military at the moment. He calls the war in Iraq an oil grab. "It just sickens me."
>
> He also notes that the software his group develops is made available free of charge via Internet download or for a nominal fee on CD. The next major upgrade to the software, version 3.3, will be released on May 1. Because OpenBSD is often used in computing environments where security is a top concern, OpenBSD users are often reluctant to identify themselves. But Mr. de Raadt's group said that in addition to running the servers for several branches of the U.S. military, including the Pentagon, OpenBSD is also installed on the servers the U.S. Department of Justice uses to track and catch hackers and so-called cyber-terrorists.
>
> OpenBSD is also used by the University of Alberta, the University of Minnesota, Adobe Systems Inc. and FSC Internet Corp. of Toronto. More than 50,000 copies of OpenBSD have been downloaded from the project's servers in the past six months.
>
> Corrections Canada, Health Canada, Parliament and the Canada Customs and Revenue Agency are among the federal users that have downloaded the software, although it's not clear if it is being used by them.
>
> OpenBSD is one of several open source operating systems, the most famous of which is Linux. The source code for the software is open or uncompiled, which means any software programmer can examine the code and can make changes before it is formatted to run on a computer. OpenBSD is a variant of a kind of Unix-based operating system known as BSDs, short for Berkeley Software Distribution.
>
> The software traces its roots to projects that began in the 1970s at the University of California at Berkeley. Mr. de Raadt, who's been working full-time on the OpenBSD project for seven years, pays his own bills with the money from the sale of the CDs - he sells about 8,000 a year - as well as from selling OpenBSD T-shirts and other paraphernalia.
>
> David Akin is national business and technology correspondent for CTV News and a contributing writer to The Globe and Mail.
>
> http://www.globetechnology.com/servlet/story/RTGAM.20030406.whack46/GTStory
>
> ____________________________
> NYLXS: New Yorker Free Software Users Scene
> Fair Use -
> because it's either fair use or useless....
> NYLXS is a trademark of NYLXS, Inc

--
__________________________
Brooklyn Linux Solutions
__________________________
DRM is THEFT - We are the STAKEHOLDERS http://fairuse.nylxs.com
http://www.mrbrklyn.com - Consulting
http://www.inns.net <-- Happy Clients
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive of stories and articles from around the net
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
1-718-382-0585
____________________________
NYLXS: New Yorker Free Software Users Scene
Fair Use - because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc