www.nettime.org
Nettime mailing list archives

<nettime> DARPA digests openBSD [cramer, hwang]
nettime's_indigestive_system on Tue, 8 Apr 2003 10:19:15 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> DARPA digests openBSD [cramer, hwang]


Re: <nettime> DARPA to fund OpenBSD
     Florian Cramer <cantsin {AT} zedat.fu-berlin.de>
     Francis Hwang <sera {AT} fhwang.net>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Mon, 7 Apr 2003 23:06:00 +0200
From: Florian Cramer <cantsin {AT} zedat.fu-berlin.de>
Subject: Re: <nettime> DARPA to fund OpenBSD

Am Montag, 07. April 2003 um 21:05:59 Uhr (-0100) schrieb nettime's_avid_reader:
 
> The U.S. military believes the work of a Calgary hacker may be its best bet 
> to protect its computer networks from so-called cyber-terrorist attacks. And 
> although Theo de Raadt is happy to have more than $2-million (U.S.) in 
> research support from the U.S. military's research and development office, 
> the source of that funding has made him more than a little uneasy.

DARPA's investment into OpenBSD makes a lot of sense given its interest
in an open standard secure network operating system. And as a matter
of fact, DARPA was heavily involved in the creation of BSD - i.e. the
Berkeley version of Unix and codebase of OpenBSD - in the first place
<http://www.sindominio.net/biblioweb/telematica/open-sources-html/node27.html>,
apart from everything else of the Internet they helped to create.

OpenBSD is widely respected as the most secure free operating system
and has developed such important free security software as OpenSSH,
the default version of SSH most Free Unix clones use today. 

Of course, there's also a Linux/GNU counterpart of OpenBSD; it's
called "Security Enhanced Linux" (SELinux), is being developed by the
NSA and downloadable as free/open source software from its website
<http://www.nsa.gov/selinux/>.

I fail to see why the interest of (a) the military in privacy
contradicts the interest of (b) private users in privacy as long as (a)
helps to create something which, by its free license, (b) will be able
to employ as well, with no strings attached. (Comparable to hypothetic
military grants for research in car safety whose results would as well
be used to make "consumer" cars safer.) 

-F

-- 
http://userpage.fu-berlin.de/~cantsin/homepage/
http://www.complit.fu-berlin.de/institut/lehrpersonal/cramer.html
GnuPG/PGP public key ID 3200C7BA, finger cantsin {AT} mail.zedat.fu-berlin.de

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Mon, 7 Apr 2003 21:46:20 -0400
Subject: BSD, Mozilla, and open-source organizational concerns
From: Francis Hwang <sera {AT} fhwang.net>

It's an interesting wrinkle, DARPA funding OpenBSD research. Makes me 
wonder what the folks over at the NSA thinks about this -- they were 
the agency who, about a decade ago, designed the Clipper algorithm that 
would allow government agents backdoor access to encrypted traffic. 
(http://www.epic.org/crypto/clipper/) DARPA, I suppose, is the 
military's research arm, less interested in spying and surveillance 
than the No Such Agency ...

A bit of background might be useful for the less tech-obsessed on this 
list. (Others please correct me if I err.) BSD, like Linux, is a Unix 
variant, and the BSD family is quite similar to Linux in system 
architecture and overall philosophy. The difference is negligible 
enough that a user in one can become familiar with the other quickly -- 
comparable, I suppose, between the difference between Windows 2000 and 
Windows XP. (Mac OS X is built on a BSD core, though on some level it's 
quite different because of all the stuff Apple added.)

BSD source code licensing is different from Linux licensing. Linux is 
licensed under the GPL, which is viral in nature: Use any of the code 
from Linux in a project of your own, and you're required to release 
your project GPL. BSD licensing allows you to incorporate BSD code into 
your closed-source project if you want. That way, a for-profit company 
can use some chunk of BSD code in their for-profit code, and not be in 
violation. This is considered a more corporate-friendly policy, and 
there are a number of open-source programmers who find the viral clause 
of the GPL onerous on ideological grounds. Much legalistic flameage has 
been spilled about this point.

As regards quality: The quickest way to waste time is to ask a group of 
sysadmins which is better, but the security guys I know mostly tell me 
the BSDs are easier to lock down than Linux. One of the reasons they 
cite is that although both projects are open-source, BSD is controlled 
more tightly by a handful of fairly hard-to-please module owners. The 
conventional wisdom is that it's much easier to get code into the Linux 
kernel than any of the BSD kernels; BSD developer communities even have 
a slight reputation for being elitist, impatient, and generally 
dismissive of programmers who aren't complete geniuses.

Organizational questions have recently been on the mind of a different 
high-profile open source project: Mozilla, the browser started years 
ago by Netscape (now inside the AOL/Time-Warner octopus). For years, a 
number of armchair hackers denounced the Mozilla code for being bloated 
and monolithic, and they do have sort of a point: The current Mozilla 
includes a web browser, a chat client, an email-newsgroups client, and 
tons of tools for developers, including a DOM inspector and a 
JavaScript debugger. It's a pretty cool Swiss Army knife, but it's 
still more than a lot of people need.

The recent Mozilla roadmap (http://mozilla.org/roadmap.html) aims to 
fix this. It aims for breaking up the project into a handful of 
separate projects. And although this decentralizes things to some 
extent, it also allows for clearer lines of authority, to:

"Continue the move away from an ownership model involving a large cloud 
of hackers with unlimited CVS access, to a model, more common in the 
open source world, of vigorously defended modules with strong 
leadership and clear delegation ..."

I make this point because although the advent of open-source software 
has freed code from intellectual property hurdles, there are still many 
hurdles left. And one of them is that code is, like most things done in 
groups, an organizational problem. You have groups of programmers, 
often scattered around the world, trying to talk to one another in 
code, trying to get as much done as possible in as little time as 
possible. You're still racing to get your code good faster than the 
next guy, and if you're making something mainstream like a web browser, 
the vast majority of users won't care one bit whether or not your code 
is GPLed or BSDed or owned by Bill Gates. They just want it to work.

Some open source projects try to let the organization's priorities 
bubble up from below, others rule from above. ( "Le code c'est moi" ?) 
Open source doesn't automatically introduce you to this amazing world 
of decentralized anarchy-in-action, though it does make it a little 
easier to defect and start your own commune.

Cheers,
Francis

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net