*BSD News Article 71797



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.sdsmt.edu!news.mid.net!sbctri.tri.sbc.com!newspump.wustl.edu!news.ecn.bgu.edu!news.cse.psu.edu!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!agate!theos.com!deraadt
From: deraadt@theos.com (Theo de Raadt)
Newsgroups: comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Subject: followup from censored port-i386@Netbsd.ORG
Date: 23 Jun 1996 13:09:19 GMT
Organization: Theo Ports Kernels For Fun And Profit, Inc.
Lines: 201
Distribution: world
Message-ID: <DERAADT.96Jun23070919@zeus.theos.com>
NNTP-Posting-Host: zeus.theos.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:3820 comp.unix.bsd.freebsd.misc:21948

This is the tail of a discussion that was happening on a NetBSD
mailing list.  The NetBSD core occasionally (silently) censor items on
their mailing lists.  They permitted a piece of mail to go through
which flamed me (and hence the OpenBSD group) but have censored my
reply.  This is certainly not the first time the NetBSD core have
censored items on their mailing lists.

Are they going to start cancelling news articles soon too?

The original discussion started out regarding a claim that NetBSD had
solid security. I replied that OpenBSD had fixed a number of bugs.
Soon people were flaming me for not telling them about these problems.
But.. as the article below shows I have every reason to NOT let NetBSD
people know about these problems.  I don't trust them because they
regularly LIE to people about things about me and OpenBSD.

Sorry for the cross-posting, but this will be heard.

Once again..  I will add that in 90% of cases people running only
PC-boxes have no reason to run anything but FreeBSD -- it is better
than anything else IF you only have i386 boxes.

I will NOT put up with the NetBSD core members and their friends lying
about the reasons for the formation of the OpenBSD project any longer.
This is all going public now.  I'll answer any and all questions
people have.

deraadt@OpenBSD.org
http://www.OpenBSD.org

"OpenBSD/i386 -- the NetBSD/i386 with all the features you miss from FreeBSD"

----------------------------------------

To: John Goerzen <jgoerzen@complete.org>
cc: deraadt@theos.com (Theo de Raadt), port-i386@netbsd.org
Subject: Re: NetBSD DOSEMU -- questions from a prospective NetBSD user 
In-reply-to: Your message of "Fri, 21 Jun 1996 20:53:42 CDT."
             <199606220153.UAA05652@complete.org> 
Date: Fri, 21 Jun 1996 22:43:04 -0600
From: Theo de Raadt <deraadt@zeus.theos.com>

> How come I got caught up in this argument?  My message had nothing to do
> about it.  I got CC'd copies of it.  I am not subscribed to any NetBSD or
> OpenBSD listserv.  So don't send me copies of messages wherein you are
> arguing about petty, insignificant things when you should be doing something
> more useful.  I've got news for you -- I don't have time to read it.

I guess you'll be seeing more replies now though, because now you have
gone on a limb and flamed me.

> It doesn't matter if the devel. team of NetBSD has treated you badly,
> you owe it to the users to at least provide them with the info to get it
> fixed!

No, that is not true.  And I do provide such information; in the form of
a freely available collection of source codes that have the fixes.  Anyone
and everyone is able to use the OpenBSD source tree, using the "anoncvs"
system, to go and check all the logs and diffs on any file in the system.

*I* have nothing to gain from talking about bugs that are fixed.

1) My OpenBSD machines are secure.
2) Except for my SunOS machine, which has these holes.
3) My SunOS machine was hacked sometime earlier this year, and a file
   about the OpenBSD & NetBSD conflicts was edited, and critical
   chunks were deleted. I just found out last week.
4) I cannot fix these holes on my SunOS machine.

Sorry, but I have LOTS to gain by not talking about these holes to
NetBSD.  Am I insinuating something?  No one else had anything to gain
from that file being edited.  I'm not going to talk about what I have
in my logs yet.

> I don't see why you can't get along better.  After all, FreeBSD and Linux
> people get along just fine -- for instance, drivers are often shared between
> the two systems.  And FreeBSD and Linux are much farther away from each
> other than NetBSD and OpenBSD!

I did not create the current situation.  I tried for a couple of
months to get myself back in NetBSD, to avoid creating OpenBSD.  The
record is clear.

> I didn't ask my question to get messages like "Well, what do you expect? 
> That was a stupid question" as some people have responded (not the below
> message in particular, but others).  There were people that were very
> helpful, and I thank you for your help, but when two so closely-related
> systems can't even coexist without calling the development team of the other
> a "prick", it makes me seriously question the quality of software being put
> out.

I could privately send you a small list of things these people have
said to me, about me, or to OpenBSD developers over the last few
weeks.  They generate hate.

> > Jason Thorpe <thorpej@nas.nasa.gov> wrote:
> > > On Fri, 21 Jun 1996 03:00:00 -0600 
> > >  Theo de Raadt <deraadt@theos.com> wrote:
> > > 
> > >  > I would say that is an incorrect assessment of the situation, since
> > >  > I've fixed about 20 security holes in OpenBSD -- a NetBSD derived
> > >  > system.  I think NetBSD has fixed 1 of those (in a different way).
> > > 
> > > Perhaps you could share your findings with us?
> > 
> > No, Jason.
> > 
> > What do I gain? My machines have those problems solved, as do those of
> > the other people running OpenBSD.

> Why are you so selfish?  Can't you do it for the sake of the USERS?  Or do
> only the users of OpenBSD count, and all the others are just "slime"?  I'll
> tell you this -- your attitude is not at all the type of person I want
> developing an OS.

When I was involved in NetBSD, I did it for the sake of the users.  I
was not selfish.  Nor am I now.  I spend roughly 10-14 hours a day
working on this stuff.  How can you be so selfish as to require me to
talk to people who have gone through many efforts to ruin me?

I often tell people from the other OS camps about these bugs.  But
NetBSD does not deserve my help.  Quite often they don't even give
credit to people when they get fixes.

> You say you know of bugs, but you care little enough to
> mention it to the development team of the OS that you owe OpenBSD's
> existence to!

I was one of the founders of the NetBSD group, and they pulled a
scapegoat trick.  Check http://theos.com/~deraadt/coremail -- this
version has been fixed after my machines were cracked.

Why should I help a project that flames OpenBSD developers regularly?
A few days ago Herb said to one of the OpenBSD developers:

    "And to think I thought you were older than that... I guess Theo
    has done us all a favor... He's collecting all the assholes in one
    little pot... run along little man..."

BTW, because the word assholes appears in here the NetBSD censor
filter is going to catch this.  Whether the outside world sees this
reply.. heck I don't know.

What is OpenBSD to do when these kinds of things are a regular
occurrence?

> > To be even more careful, I committed the fixes to the OpenBSD tree
> > without describing the security problems in the commit messages.  Many
> > vendors still ship (new) operating systems with these bugs unfixed.
> 
> So, in other words, you are being like Microsoft and are covering up
> mistakes.  That's not how open software is supposed to be.

Nobody in the BSDi, FreeBSD, NetBSD, or the Linux camps has ever sent
me a security fix.  I have sent out probably 50 pieces of mail to
members of other camps.

> > Guess you and NetBSD core shouldn't have been such pricks to
> > me. Rather simply I have not a single reason to help you solve these
> > problems, when my operating system solves them.
> 
> Nobody says you have to help them solve the problems.  But you could at
> least tell them what the problems are.

A body of freely available sources exists with the problems fixed.

> And calling the developers of an OS that OpenBSD owes its existence to
> "pricks" is not exactly good behavior either.  Strikes me as rather
> hypocritical.

Actually, OpenBSD was created due to some actions by the NetBSD core
which cannot be described in any other way.  I'm not talking about the
source code body, I'm talking about how they treated me.  And how they
have treated other people who are now OpenBSD developers instead.

I want to point out that 3 of 4 founders of NetBSD are not on NetBSD
core anymore because of the politics.

> > `For the users'? For the users you acted to kick me out of NetBSD.
> > 
> > Ha.
> 
> For the users, you acted to allow their systems to potentially be hacked or
> suffer other serious consequences because you are so selfish that you cannot
> even tell the developers when there is a bug.  That is not good at all.

Sorry, that's just not true.  All the security problems are well known.
You think the crackers don't know them?  They trade security bugs; they
maintain security bugs portfolios; they write exploits and trade them
for knowledge of other bugs.

> Linux is starting to sound better and better compared to OpenBSD.  At least
> they don't have petty bickering.

The problem is not OpenBSD.  OpenBSD wouldn't even exist if NetBSD core
hadn't acted as they had, and attempted to really hurt me.

[If this doesn't make it past the NetBSD censor filters, I guess I'll
just have to send it to an expn of the list]
--
This space not left unintentionally unblank.		deraadt@theos.com