From: Anatoli
To: Valeri Galtsev
Cc: FreeBSD Mailing List
Subject: Re: freebsd vs. netbsd
Date: Tue, 9 Jun 2020 01:38:56 -0300
Message-ID: <00225a04-237d-9051-9aea-12c192106a20@anatoli.ws>

If you're talking about the allegations that Jason Wright planted backdoors into OpenBSD for the FBI, then you invented about 90% of the story.
The story is about Gregory Perry's (a former technical consultant for the FBI) allegations that Jason Wright (an ex-dev) and NETSEC (the company he and some others worked for) accepted US government money to put backdoors into OpenBSD's network stack, in particular the IPSEC stack, around 2000-2001.

This information is public, was discussed multiple times and nothing extraordinary resulted from it. After the allegations went public, extensive audits were conducted internally and externally and nothing serious or of intentional nature was found by anyone.

For those interested, here are some links:

1. A TL;DR version about the story by ArsTechnica: [1];
2. Theo de Raadt (founder of OpenBSD) mail disclosing the allegations made privately to him: [2];
3. His follow-up email: [3];
4. A follow-up email from Gregory Perry (the one making allegations) after his initial email was made public by Theo [4];
5. Damien Miller (OpenSSH/OpenBSD) comments about feasibility of such implantation, very insightful for those interested in technical details (as the entire thread) [5];
6. All allegations denied by named participants: [6];
7. A follow-up to the story from the past year (2019), a FOIA request to the FBI to disclose any involvement with OpenBSD: [7].

If you're talking about this story, nothing new or interesting. If you're talking about something else, then the burden of proof is on the one making the claim. So don't say "check that on your own". You're making a public claim, provide the proof or be considered just a FUD-spreader.

On the other hand, no software project, public or private, is immune to governments trying to insert backdoors, though Bruce Schneier believes this would be just plain stupid: [8].

> I too was considering OpenBSD the most secure operating system out
> there. Till the moment I've learned ..."
So even *if* we suppose that there were any backdoors planted in OpenBSD (which was never demonstrated by anyone publicly), do you have any better alternative than OpenBSD? Some OS guaranteed to be free from government backdoors? Any OS better suited for entire system audits due to its simplicity and a small, clean code base? Any OS with a better secure development and peer review process?

If not, what's your point then?

[1]: https://arstechnica.com/information-technology/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor/
[2]: https://marc.info/?l=openbsd-tech&m=129236621626462&w=2
[3]: https://marc.info/?l=openbsd-tech&m=129296046123471
[4]: https://www.csoonline.com/article/2136901/an-fbi-backdoor-in-openbsd-.html
[5]: https://marc.info/?l=openbsd-tech&m=129237675106730&w=2
[6]: https://www.itworld.com/article/2744922/openbsd-fbi-allegations-denied-by-named-participants.html
[7]: https://news.ycombinator.com/item?id=20489904
[8]: https://www.schneier.com/blog/archives/2010/12/did_the_fbi_pla.html

On 8/6/20 12:44, Valeri Galtsev wrote:
>
>
> On 2020-06-08 09:25, Anatoli wrote:
>>> The most secure… if you dismiss the fact that one of the developers (who wrote network stack if my memory serves me) was simultaneously receiving payments from one of three letter agencies for several years.
>>
>> Rumors + FUD or do you have any proof?
>>
>
> When I heard that I checked, and receipt of payments was confirmed by developer himself. That is my recollection, I am merely human whose memory can not be perfect, check that on your own. This even if confirmed as a fact, does not mean he left back doors or weak spots in code.
>
> The rest is for everyone: to do one's own home work:
>
> 1. who don't care just dismiss what is said
>
> 2. Who do care to verify if receipt of payments is the fact, just verify on your own (I never think of myself to be considered the source of absolute truth. Merely as a help to point into direction where who is interested may find something helpful)
>
> If one verifies the fact of payment(s), then decide for yourself:
>
> A. Audit the code (I for one realize I will not be able to find fishy spots in that sophisticated code, so this can not be my choice)
>
> B. Accept that it is likely that good enough programmers did audit code, hence there are no weak (or worse) spots in it
>
> C. Accept that what top programmer wrote is not that easy to audit, and just shy away from what may (just merely may) be not quite kosher. If you care, of course.
>
>
> And again, do your own thinking, this may, just merely may help someone.
>
>
> Valeri
>
>> On 8/6/20 10:26, Valeri Galtsev wrote:
>>>
>>>
>>>> On Jun 7, 2020, at 11:26 PM, Anatoli wrote:
>>>>
>>>> IMO
>>>>
>>>> * FreeBSD: servers (performance, stability, relative security, zfs),
>>>>   competes directly with Linux
>>>>
>>>> * OpenBSD: routers/firewalls, desktops (the most secure OS
>>>
>>> The most secure… if you dismiss the fact that one of the developers (who wrote network stack if my memory serves me) was simultaneously receiving payments from one of three letter agencies for several years.
>>>
>>> Valeri
>>>
>>>> and a really
>>>>   good desktop, but its absence of server-class performance is its
>>>>   weakest side + no zfs (just ffs2) and limited virtualization (no SMP)
>>>>   so not suitable for any serious server load where absolute security is
>>>>   not a must). The king in its niche (paranoid security)
>>>>
>>>> * NetBSD: toasters & freezers (runs on anything, otherwise not sure
>>>>   what's the point :), competes with FreeBSD and Linux (and Linux now
>>>>   supports more archs/platforms than Net). IMO no clear vision and thus
>>>>   attracts too little resources both human and economic. IMO midterm not
>>>>   much hope for survival, same as DFly and smaller BSDs.
>>>>
>>>> I believe that OS development is an economy of scale (doing things more
>>>> efficiently or having other advantages with increasing size) with a
>>>> tendency for a monopoly in the same niche.
>>>>
>>>> There are some features that the larger players establish as a
>>>> commodity, but that are very time-intensive and complex to develop (e.g.
>>>> virtualization, wifi ac and now ax). So what Linux implemented more than
>>>> a decade ago, the BSDs are just catching up now.
>>>>
>>>> Linux world had 2 "obstacles" to its almost flawless growth recently
>>>> (systemd and a ZFS alternative). Now that the things have almost settled
>>>> up, if they don't commit any more serious errors I don't see how the
>>>> BSDs (except OpenBSD as it's not a direct competitor) could compete with
>>>> it in the long term.
>>>>
>>>> Now with ZoL/OpenZFS the long-term future even for FreeBSD is not that
>>>> clear (and the recent iX decisions [1] [2] are a clear sign).
>>>>
>>>> [1] https://arstechnica.com/gadgets/2020/06/truenas-isnt-abandoning-bsd-but-it-is-adopting-linux/
>>>> [2] https://www.truenas.com/TrueOS-Discontinuation/
>>>>
>>>>
>>>> On 7/6/20 22:35, Wesley wrote:
>>>>> greetings,
>>>>>
>>>>> There were freebsd and netbsd (maybe others?) in BSD world.
>>>>> What points did they focus by design?
>>>>> what are their use scenes then?
>>>>>
>>>>> Thank you.
>>>>> _______________________________________________
>>>>> freebsd-questions@freebsd.org mailing list
>>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"