File: [local] / www / Attic / press.html (download) (as text)
Revision 1.345, Thu May 8 14:40:07 2003 UTC (21 years ago) by deraadt
Branch: MAIN
Changes since 1.344: +11 -1 lines
herald article not on net yet
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD Media Coverage</title>
<link rev=made href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996-2003 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<p>
<h2><font color="#e00000">Media Coverage</font></h2>
<hr>
<h2>May, 2003</h2>
<ul>
<li><font color="#009000"><strong>
Funding cut linked to antiwar remarks, Page E5,
Calgary Herald
May 7, 2003.
</strong></font><br>
An article not yet on the net by Tamara Gignac once again discusses
the DARPA funding cut and how it will have no affect on the Hackathon
happening in Calgary starting the 9th.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osopinion.com/perl/story/21438.html">
Shame on DARPA for Pulling OpenBSD Funding</a>,
OsOpinion,
May 6, 2003.
</strong></font><br>
Joe Brockmeier writes a scathing discussion regarding the perception of
wrongdoing inside DARPA and Air Force in regards to the funding cut.
<br>
This article can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.newsfactor.com/perl/story/21438.html">
Shame on DARPA for Pulling OpenBSD Funding</a>,
NewsFactor Network.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://www.itbusiness.ca/index.asp?theaction=61&sid=52131">
OpenBSD, closed doors</a>,
ITBusiness,
May 2, 2003.
</strong></font><br>
Shane Schick covers a quick recount of the DARPA funding situation, the
release of 3.3 and its buffer-overflow fighting security features.
Despite some errors, the article interestingly ends with a suggestion
that the Canadian government should help fund OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/article/03/05/01/HNopenbsd33_1.html">
OpenBSD launches latest release</a>,
InfoWorld,
May 1, 2003.
</strong></font><br>
Carly Suppa discusses the new things that can be found in OpenBSD 3.3.
<br>
This article can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.idg.com.sg/idgwww.nsf/unidlookup/15D00CA80554E2B648256D1A000F9270?OpenDocument">
OpenBSD launches latest release</a>,
IDG Singapore.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-1104_2-999200.html">
OpenBSD 3.3 prevails despite funding cut</a>,
ZDNet,
May 1, 2003.
</strong></font><br>
An article with a number of errors, apparently cobbled together by
someone using parts from previous articles.
<br>
This article can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.businessweek.com/technology/cnet/stories/999200.htm">
Developers give OpenBSD to public</a>,
BusinessWeek.com.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://news.com.com/2100-1016_3-999200.html">
Developers give OpenBSD to public</a>,
CNET News.com.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://news.zdnet.co.uk/story/0,,t269-s2134164,00.html?rtag=zdnetukhompage">
OpenBSD releases version 3.3</a>,
ZDNet UK.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.net-security.org/article.php?id=480">
OpenBSD 3.3 has been released</a>,
Help Net Security, Croatia.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://marc.theaimsgroup.com/?l=openbsd-announce&m=105175475006905&w=2">
OpenBSD 3.3 Released</a>,
Todd Miller in <a href="mail.html">openbsd-announce</a>,
May 1, 2003.
</strong></font><br>
The official announcement of the 3.3 release lists all the great things
that have been added
to the system in 3.3, including ProPolice, W^X, fewer setuid/setgid programs,
more privsep, major security and usability improvements in pf,
more hardware support including the HPPA platform, spamd, more and better
third-party "ports", spamd, many upgrades to included software, and more.
Recommends purchase of CD and T-shirts to provide continuing funding
for the project (more so now that the DARPA funding is gone).
As always, OpenBSD remains free software, so you can FTP it for free.
<p>
</ul>
<h2>April, 2003</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.techrepublic.com/article.jhtml?id=r00220030428mco01.htm&page=1&vf=tt">
Can OpenBSD really eliminate buffer over-runs?</a>,
TechRepublic,
April 28, 2003.
</strong></font><br>
John McCormick writes about the recent W^X and ProPolice efforts in the
upcoming 3.3 release, noting that other vendors should look at this
work.<br>
Can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://techupdate.zdnet.co.uk/story/0,,t481-s2133935,00.html">
Can OpenBSD really eliminate buffer over-runs?</a>,
ZDNet UK.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://www.idg.net/ic_1309735_9677_1-5043.html">
OpenBSD contract suspended due to 'world events'</a>,
IDG,
April 24, 2003.
</strong></font><br>
Grant Gross provides another summary of new information regarding
the DARPA grant situation. Like other reporters, he runs into a
wall, as DARPA refuses to "go into any more detail."<br>
Can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/article/03/04/24/HNdarpaopen_1.html">
OpenBSD contract suspended due to 'world events</a>,
InfoWorld.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://slate.msn.com/id/2081943/">
The Fix Is In: Programmers can stop Internet worms. Will they?</a>,
Slate,
April 24, 2003.
</strong></font><br>
Paul Boutin asks whether the buffer overflow prevention techniques
found in OpenBSD 3.3 will, in time, find themselves into commercial
operating systems like Windows, where they could have stopped major
buffer-overflow based problems like Slammer, Code Red, and Nimda.
<p>
<li><font color="#009000"><strong>
<a href="http://lwn.net/Articles/29186/">OpenBSD Funding</a>,
LWN.net Weekly Edition,
April 24, 2003.
</strong></font><br>
($ registration required; free after May 1, 2003).
<br/>More detailed discussion of why the funding was cut, by whom
and when. Concludes that the funding cut "may not be as dramatic
as it sounds", since OpenBSD has other sources of funding.
<p>
<li><font color="#009000"><strong>
[ITALIAN] <a href="http://webnews.html.it/focus/290.htm">La DARPA ritira i fondi per OpenBSD</a>, WebNews online,
April 24, 2003.
</strong></font><br>
Notes that DARPA's funding cut is "a gesture that has echoed throughout
the free software community".
Refers to the AP article below, and has lots of links to
other articles.
<p>
<li><font color="#009000"><strong>
<a href="http://www.nytimes.com/2003/04/24/politics/24HACK.html?ex=1051761600&en=87a56d5c962b64e4&ei=5062">Canadian Programmer Says U.S. Cut Funding After Comments</a>,
New York Times, April 24, 2003.
</strong></font><br>
Another take on the ongoing saga, with some interesting remarks:
Reporter Jennifer Lee comments that the controversy
"highlights the delicate balance between the military and the
anti-establishment bent of some in the technology community. It
also shows that the international pool of computer programmers and
hackers, possessing vast technological expertise, is not entirely
sympathetic to the American military's current role in world
affairs." Notes the discrepency between DARPA's public position
and what the people working on the UPenn project have been told.
<br/>
Describes Theo de Raadt as "A respected Canadian computer programmer ...
the 35-year-old founder of an international collaborative software project
known as OpenBSD", and quotes him as saying that the hackathon will go on:
"We are free people, we are hobbyists," he said. "We do this for fun."
<br>
Can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.commondreams.org/headlines03/0424-08.htm">
Canadian Programmer Says U.S. Cut Funding After Comments</a>,
Common Dreams NewsCenter
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://www.wired.com/news/business/0,1367,58602,00.html">Organizer: 'Hackathon' Will Go On</a>,
Wired, April 24, 2003.
</strong></font><br>
Another retelling of the tale, similar in scope to the NYTimes.com
article above.
Quotes Theo as saying: "The hackathon will go on," de Raadt said.
"There's no way I'll be taking 60 people's personal flights and
wasting them."
<br>
Can also be found online at:
<ul>
<li>
<font color="#009000"><strong>[JAPANESE] <a href="http://www.hotwired.co.jp/news/news/20030425302.html">Wired News Japan</a>
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://yro.slashdot.org/yro/03/04/23/0256240.shtml">Open Source Enables Terrorist States</a>, Slashdot, April 23, 2003.
</strong></font><br>
Coverage and commentary on DARPA's cancellation and its implications for open source software.
<p>
<li><font color="#009000"><strong>
<a href="http://www.dailypennsylvanian.com/vnews/display.v/ART/2003/04/23/3ea643207f30d">Federal funding abruptly cut for research project</a>, dailypennsylvanian.com, April 23, 2003.
</strong></font><br>
An article from the University of Pennsylvania commenting
on the DARPA cut and the university involvement in it.
<p>
<li><font color="#009000"><strong>
[GERMAN] <a href="http://www.heise.de/newsticker/data/hps-23.04.03-000/">OpenBSD in Ungnade</a>, Heise online,
April 23, 2003.
</strong></font><br>
OpenBSD in disgrace - UPenn's actions against the hackathon.
<p>
<li><font color="#009000"><strong>
[DUTCH] <a href="http://www.webwereld.nl/nieuws/14830.phtml">Defensie VS stopt subsidie OpenBSD</a>, WebWereld NL,
April 22, 2003.
</strong></font><br>
This article works from information found in the CNET article.
<p>
<li><font color="#009000"><strong>
<a href="http://www.smh.com.au/articles/2003/04/21/1050777197498.html">
OpenBSD loses funding due to anti-war statements</a>,
Sydney Morning Herald, April 21, 2003.
</strong></font><br>
Yet another article on the DARPA moves, this time from down under.
Days before the grant was recalled, Jonathan M. Smith told de Raadt
that "perceptions of wrong doing" were very important to UPENN. When
papers around the world start making assertions of wrong doing on
UPENN and DARPA's part, how is that for perception?<br>
Can also be found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.theage.com.au/articles/2003/04/21/1050777197498.html">
OpenBSD loses funding due to anti-war statements</a>,
The Age.
</strong></font>
<li><font color="#009000"><strong>
[INDONESIAN] <a href="http://www.detikinet.com/net/2003/04/21/20030421-105803.shtml">
OpenBSD Terhambat Anti-Perang</a>,
detiki-Net, Indonesia.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
[TURKISH] <a href="http://www.olympos.org/article/articleview/1047/1/1">
DARPA OpenBSD'ye Destegini Geri Çekiyor...</a>,
Olympos Security, April 20, 2003.
</strong></font><br>
The leading Turkish IT Security Portal reporting about the DARPA fund
cut. Talks about the DARPA CHATS funding to POSSE program and the
benefits to the open source community. Quotes from de Raadt's anti-war
views from the interview and his plans for holding the approaching
hackathon even without funding. Also covers the OpenBSD project's many
contributions to the field of operating system security and proactive
auditing.
<p>
<li><font color="#009000"><strong>
<a href="http://www.globeandmail.com/servlet/ArticleNews/TPStory/LAC/20030419/RMILI/TPScience/">
Researcher feels anti-war views cost him U.S. funding</a>,
Globe & Mail, April 18, 2003.
</strong></font><br>
David Akin writes a second article about the DARPA situation. His original
article, found further down, was the one which reputedly angered officials
at UPenn and DARPA.
<p>
<li><font color="#009000"><strong>
[FRENCH] <a href="http://www.weblmi.com/news_store/2003_04_18_La_DARPA_coupe_les_v_32/News_view">La DARPA coupe les vivres a OpenBSD</a>, Le Monde, France
April 18, 2003.
</strong></font><br>
A small article in the french press.
<p>
<li><font color="#009000"><strong>
[GERMAN] <a href="http://www.heise.de/newsticker/data/hps-18.04.03-002/">Aus der Traum: Keine US-Gelder für OpenBSD</a>, Heise News-Ticker,
April 18, 2003.
</strong></font><br>
DARPA cancels OS project funding after comments
<p>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/onlamp/2003/04/18/darpa.html">
Soldiers Renege on Hackers</a>,
OnLamp.com, April 18, 2003.
</strong></font><br>
Ian Darwin has written an editorial piece which ties together the history
of DARPA, Canadian-US relations, and the events immediately surrounding
the ending of the grant for the POSSE project.
<p>
<li><font color="#009000"><strong>
<a href="http://arstechnica.com/archive/news/1050693906.html">
DARPA pulls OpenBSD funding</a>,
Ars Technica Newsdesk, April 18, 2003.
</strong></font><br>
Semi On reports on the sudden pulling of OpenBSD's DARPA grant
funding. This article laments about the possibility that researchers
must be "good party men" in order to receive funding in the new
American century.
<p>
<li><font color="#009000"><strong>
<a href="http://www.computerworld.com/securitytopics/security/story/0,10801,80473,00.html">
DARPA pulls funding for OpenBSD, leader says</a>,
IDG News Service, April 18, 2003.
</strong></font><br>
Grant Gross writes about the sudden cancellation of the OpenBSD
project funding by DARPA. This article includes some background as
well as the response he received to his phone inquiries about the
reasons for the abrupt cancellation.
Can also be found online at:
<ul>
<li><a href="http://www.nwfusion.com/news/2003/0418darpapulls.html">Network Fusion</a>
<li><a href="http://www.infoworld.com/article/03/04/18/HNdarpa_1.html">Info World</a>
<li><a href="http://www.computerworld.com/securitytopics/security/story/0,10801,80473,00.html">Computerworld</a>
<li><a href="http://www.idg.com.sg/idgwww.nsf/unidlookup/4EB7D1016D5B4E7548256D0F0019F8A5?OpenDocument">IDG Singapore</a>
</ul>
<p>
<li><font color="#009000"><strong>
<A HREF="http://seattlepi.nwsource.com/business/aptech_story.asp?category=1700&slug=Grant%20Canceled">
DARPA Cancels OS Project After Comments</a>,
(title changed to "Programmer Claims Agency Dropped Funding" later)
Associated Press, April 18, 2003.
</strong></font><br>
Matthew Fordahl of the Associated press reports about the
DARPA funding cancellation. There have been a series of edits of this
story, with the title under constant flux. This story has been picked
up by many local newspapers who carry Associated Press stories including:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.nytimes.com/aponline/technology/AP-Grant-Canceled.html">
DARPA Cancels OS Project After Comments</a>,
New York Times.
</strong></font>(free registration required)
<li><font color="#009000"><strong>
<a href="http://abcnews.go.com/wire/Business/ap20030418_1015.html">
DARPA Cancels OS Project After Comments</a>,
ABC News.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://seattlepi.nwsource.com/business/aptech_story.asp?category=1700&slug=Grant%20Canceled">
Programmer Claims Agency Dropped Funding</a>
Seattle Post Intelligencer, WA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.theledger.com/app:s/pbcs.dll/article?Date=20030418&Category=APF&ArtNo=304180815&Ref=AR">
[Article was pulled]</a>,
Lakeland Ledger, FL.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.salon.com/tech/wire/2003/04/18/darpa/index.html">
DARPA cancels open-source software project after anti-war comments</a>,
Salon.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.timesdaily.com/apps/pbcs.dll/article?Date=20030418&Category=APF&ArtNo=304180815&Ref=AR">
DARPA Cancels OS Project After Comments</a>
Times Daily, AL.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://boston.com/dailynews/108/economy/Military_drops_project_s_fundi:.shtml">
Military drops project's funding after anti-war comments</a>
Boston.com, MA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.heraldtribune.com/apps/pbcs.dll/article?Date=20030418&Category=APF&ArtNo=304180815&Ref=AR&cachetime=5">
Programmer Claims Agency Dropped Funding</a>
Sarasota Herald-Tribune, FL.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.rapidcityjournal.com/articles/2003/04/18/ap/HiTech/apnews42743-03.txt">
[Article was pulled]</a>
Rapid City Journal, SD.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.infoshop.org/inews/stories.php?story=03/04/18/9696550">
DARPA cancels open-source software project after anti-war ...</a>,
Infoshop News.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.bayarea.com/mld/mercurynews/news/local/5666795.htm">
Military drops project's funding after anti-war comments</a>,
San Jose Mercury News, CA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://newsobserver.com/24hour/technology/story/859765p-6012789c.html">
Military cancels OS project after programmer's comments</a>,
Raleigh News, NC.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.napanews.com/templates/index.cfm?template=story_full&id=22677BFE-1AD7-4969-B4B6-C33A2D214DAE">
Military cancels project's funding after programmer's anti-war comments</a>,
Napa News, CA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.zwire.com/site/news.cfm?newsid=7759788&BRD=2212&PAG=461&dept_id=465812&rfi=6">
Military drops project's funding after anti-war comments</a>,
NEPA News, PA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.wired.com/news/technology/0,1282,58553,00.html">
Peace Talk Halts Defence OS Job</a>,
Wired News.
</strong></font>
<br>
<li>
<font color="#009000"><strong>
[JAPANESE]
<a href="http://www.hotwired.co.jp/news/news/culture/story/20030423205.html">
Wired News Japan</a>
</strong></font>
</ul>
<p>
Then on some news sites, the story starts to change. A spokeswoman
from DARPA is quoted as saying "We're sorry if this review process has
been misinterpreted as an effort to cancel the work." (If it was not
a cancellation, then why did Mark West from UPENN phone the Hyatt
Calgary and cancel the reservations -- even before OpenBSD was
informed by Jonathan Smith, who in email said "Penn has been contacted
by the Air Force and NO FURTHER COSTS MAY BE INCURRED, effective
today, 4/17/03", "All subcontracts are terminated, effective TODAY",
and "Penn must cancel/terminate contracts & obligations such as the
Hyatt and travel not yet PAID. Mark, please carry this out ASAP per
our contractual requirements with the government" These papers proceed
to pick up the new story; some retain the old one:
<p>
<ul>
<li><font color="#009000"><strong>
<a href="http://customwire.ap.org/dynamic/stories/G/GRANT_CANCELED?SITE=ININS&SECTION=BUSINESS&TEMPLATE=DEFAULT">
Programmer Claims Agency Dropped Funding</a>,
Indianapolis Star, IN.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.miami.com/mld/miamiherald/business/5666795.htm">
Agency denies dropping project's funding after anti-war comments</a>,
Miami Herald, FL.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.portervillerecorder.com/articles/2003/04/18/ap/HiTech/apnews42749-03.txt">Programmer Claims Agency Dropped Funding</a>,
The Porterville Recorder, CA.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.kansas.com/mld/kansas/business/5666795.htm">
Agency denies dropping project's funding after anti-war comments</a>,
Wichita Eagle, KS.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://abcnews.go.com/wire/Business/ap20030418_1329.html">
Programmer Claims Agency Dropped Funding<br>
Programmer of Secure, Free Operating System Claims U.S. Research Agency Cut Off Grant Money</a>,
ABC News.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.rapidcityjournal.com/articles/2003/04/18/ap/HiTech/apnews42748-03.txt">
[Article was pulled]</a>,
Rapid City Journal, SD.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.wilmingtonstar.com/apps/pbcs.dll/article?Date=20030418&Category=APF&ArtNo=304180871&Ref=AR&cachetime=5">
Agency denies dropping project's funding after anti-war comments</a>,
Wilmington Star, NC.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.bayarea.com/mld/cctimes/business/5670981.htm">
Project wasn't dropped over anti-war stance, agency says</a>,
The Contra Costa Times, Northern California.
</strong></font>
<li><font color="#009000"><strong>
<a href="http://www.globetechnology.com/servlet/story/RTGAM.20030421.gtprog0421/GTStory">
Programmer says criticism of military cost him contract</a>,
Globe Technology.
</strong></font>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://theregister.co.uk/content/55/30332.html">
Getting realistic in the war on hackers</a>,
TheRegister/SecurityFocus, April 18, 2003.
</strong></font><br>
John Lasser talks about the damage that US DMCA and similar acts are doing
to civil liberties; recommends security technology as a better option.
Some coverage of security features in OpenBSD 3.3 and elsewhere.
<p>
<li><font color="#009000"><strong>
<a href="http://www.theinquirer.net/?article=9030">
OpenBSD loses DARPA money for hackathon</a>,
The Inquirer, April 18, 2003.
</strong></font><br>
A critical story about how Theo's criticisms of the US-led war in Iraq
with respect to the source of funding is what caused the DARPA funding
to be canceled. The timing of the grant's revocation is unfortunate for
the upcoming OpenBSD hackathon, which was to be partly funded by the
grant. This story was written without information from OpenBSD or DARPA
and simply restates other press reports.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osnews.com/story.php?news_id=3307">
DARPA Pulls OpenBSD Funding</a>,
OS News, April 18, 2003.
</strong></font><br>
OS News has a discussion forum on this issue.
<p>
<li><font color="#009000"><strong>
<a href="http://theregister.co.uk/content/4/30333.html">
US military shuns BSD for hopping landmines</a>,
The Register, April 18, 2003.
</strong></font><br>
Another report on the DARPA funding.
But hopping landmines? You have to see that one to believe it.
Your (US) Tax Dollars At Work.
<p>
<li><font color="#009000"><strong>
<a href="http://techupdate.zdnet.co.uk/story/0,,t481-s2133221,00.html">
IT Anthems: OpenBSD</a>,
ZDNet UK Tech Update,
April 17, 2003.
</strong></font><br>
Peter Judge, who maintains the large
<a href="http://techupdate.zdnet.co.uk/story/0,,t481-s2122414,00.html">
Tech Anthems</a>
archives, does a little writeup about the OpenBSD release songs,
4 so far.
<p>
<li><font color="#009000"><strong>
<a href="http://news.com.com/2100-1016-997393.html?tag=fd_top">
DARPA pulls OpenBSD Funding</a>,
news.com.com, April 17, 2003.
</strong></font><br>
"The unused portion of a grant from the Defense Advanced Research
Projects Agency to fund development of the open-source operating
system OpenBSD has been pulled for unspecified reasons."
Refers to Theo's email announcing the cut.
Talks about the money going to "foreign" researchers.
Goes on to say:
"Moreover, de Raadt believed that the U.S. government took exception
to comments he made indicating that the money spent on his project
meant that fewer cruise missiles were being built...
"In the U.S., today, free speech is just a myth," de Raadt said."
This article is also found online at:
<ul>
<li><font color="#009000"><strong>
<a href="http://www.businessweek.com/technology/cnet/stories/997393.htm">
BusinessWeek.com</a>,
DARPA pulls OpenBSD Funding.
</strong></font><br>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-1104-997393.html">
ZDnet</a>,
DARPA pulls OpenBSD Funding.
</strong></font><br>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.com.au/newstech/os/story/0,2000024997,20273830,00.htm">
ZDnet Australia</a>,
US Defence pulls open source funding.
</strong></font><br>
</ul>
<p>
<li><font color="#009000"><strong>
<a href="http://bsd.slashdot.org/bsd/03/04/17/2332233.shtml?tid=122&tid=98&tid=172">
DARPA Grant Cancelled for OpenBSD and U-Penn</a>,
Slashdot, April 17, 2003.
</strong></font><br>
Slashdot report (and user followups) on the funding cancellation.
Links to Theo's original email (see below) announcing that DARPA cut the
project's funding (which was coming through the University of Pennsylvania)
without notice or justification.
<p>
<li><font color="#009000"><strong>
<a href="http://marc.theaimsgroup.com/?l=openbsd-misc&m=105061580500738&w=2">
DARPA Cancellation</a>,
MARC (Mailing list Archives), April 17, 2003.
</strong></font><br>
Theo's original mail announcing DARPA's arbitrary cancellation of its funding:
"It has come to my attention that DARPA has cancelled the POSSE program
with UPENN, (sub OpenBSD & a bit for OpenSSL) for undisclosed reasons,
effective today, without any warning..."
<p>
<li><font color="#009000"><strong>
<a href="http://www.robtv.com">
TV appearance</a>,
CTV Report on Business, April 16, 2003.
</strong></font><br>
On this day, Theo appeared on this TV channel for a 5 minute interview
at 1:15pm Mountain Time. The interviewer focused on the question of
why a group of individuals would write a free operating system designed
for security. (He had difficulty believing that people who do things for
fun can generate quality; perhaps he has never heard the term "craftsman").
<p>
<li><font color="#009000"><strong>
<a href="http://www.sans.org/newsletters/newsbites/vol5_15.php">
OpenBSD Release Protected Against Buffer Overflow Attacks</a>,
SANS Newsbytes, April 16, 2003.
</strong></font><br>
A description of the work done in 3.3 to prevent buffer overflow attacks.
The editors speak strongly in favor of the team's efforts
in producing reliable, bug-free software;
quoting two of them:
<br/>(Ranum): It's GREAT to see that at least a few people are smart enough
to try to attack problems like this systemically, rather than keeping
stuck in the fruitless "penetrate and patch" while loop. This is how
to make progress in security: fundamental protections.
<br/>(Shpantzer): Initiatives like this should be taught as case studies
in computer science courses at the undergraduate level.
<p>
<li><font color="#009000"><strong>
[DUTCH] <a href="http://www.automatiseringsgids.nl/news/default.asp?nwsId=21776">
Project OpenBSD strijdt tegen bufferoverflows</a>,
Automatiserings Gids Webeditie, April 14, 2003.
</strong></font><br>
A description of three new techniques in OpenBSD to counter buffer overflows.
<p>
<li><font color="#009000"><strong>
[GERMAN] <a href="http://www.heise.de/newsticker/data/odi-13.04.03-000/">OpenBSD mit neuem Sicherheitskonzept</a>, Heise News-Ticker,
April 13, 2003.
</strong></font><br>
New security concepts in OpenBSD
<p>
<li><font color="#009000"><strong>
<a href="http://news.com.com/2100-1002-996584.html">
Open-source team fights buffer overflows</a>,
CNET News.com, April 11, 2003.
</strong></font><br>
"The OpenBSD project hopes a new change to its latest release will
eliminate "buffer overflows", a software issue that has been plaguing
security experts for more than three decades."
Coverage of Theo's presentation at CanSecWest.
<p>
<li><font color="#009000"><strong>
[GERMAN] <a href="http://www.heise.de/newsticker/data/anw-08.04.03-001/">US-Verteidigungsministerium unterstützt OpenBSD</a>,
Heise News-Ticker, April 8, 2003.
</strong></font><br>
OpenBSD's DARPA grant
<p>
<li><font color="#009000"><strong>
<a href="http://www.newsfactor.com/perl/story/21212.html">
NEWSFACTOR SPECIAL REPORT: Inside the World of Secure Operating Systems</a>
NewsFactor, April 8, 2003.
</strong></font><br>
Joe "Zonker" Brockmeier reports on what a secure operating system is made
of; splitting things up between trusted and hardened systems, and finally
discussion OpenBSD's path.
<p>
<li><font color="#009000"><strong>
<a href="http://www.globeandmail.ca/servlet/story/RTGAM.20030406.whack46/BNStory/Technology/?query=openbsd">
U.S. military helps fund Calgary hacker</a>,
The Globe And Mail, April 6, 2003.
</strong></font><br>
OpenBSD continues to get attention in Canada for drawing funding
from US DARPA.
Theo is quoted as pointing out that, although DARPA is funding it,
they're not telling the project what to do; just funding the
continuation of the project's good work, all released under
the BSD license.
<p>
</ul>
<h2>March, 2003</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.libroscope.org/article.php3?id_article=69">
[French] OpenBSD ne désarme pas</a>,
Libroscope interview, March 19, 2003
</strong></font><br>
The on-line ``libre people projet'' <a
href="http://www.libroscope.org">Libroscope</a> team interviewed OpenBSD
developers Marc Espie and Miod Vallat about the OpenBSD project and the
OpenBSD ``way of life''.
<p>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2003/03/13/darpabsd.html">
Hackers Meet Soldiers</a>,
ONLamp.com, March 13, 2003.
</strong></font><br>
The authors discuss OpenBSD's security background and why the
US Military under DARPA is funding development of OpenBSD.
Mentions
<a href="http://www.darpa.mil/ato/programs/chats.htm">CHATS</a>
and
<a href="http://www.cis.upenn.edu/~dsl/POSSE/">POSSE</a>
programs.
Quotes Theo as explaining that "no development serves only
government purposes": "Nearly everything that is being developed
is going into the OpenBSD source tree..."
Summarizes recent developments that are in -current and will be in 3.3.
<p>
Note: some material related to POSSE is mirrored
<a href="http://www.darwinsys.com/posse-mirror/">here</a>.
<li><font color="#009000"><strong>
<a href="http://www.seas.upenn.edu/whatsnew/computer-security.html">
DARPA Awards Computer Scientists $2.1 Million to Integrate Security Features into Mainstream Computers</a>.
</strong></font><br>
The original announcement from the University of Pennsylvania about
the cooperative effort with OpenBSD et al with DARPA funding:
"During the last few decades, the government's approach has been
to contract researchers to develop high-security workstations
specifically for its own uses, outside of the mainstream computer
industry," said [Prof. Jonathan] Smith, Professor of Computer and Information
Science at Penn. "The problem is that development of these special-purpose
computers has generally progressed so slowly that the machines,
while indeed secure, are technically obsolete by the time they are
put into service."
<p>
"Smith and colleagues at Penn, the software development consortium
OpenBSD, and the Apache Software Foundation and OpenSSL Group
propose to use the open-source movement - where programmers openly
share incremental advances - to try to engineer better security
features into mainstream computers, not only those developed just
for the military and other high-security organizations. The
government then benefits by purchasing more affordable, standardized
computers with security features."
<p>
<li><font color="#009000"><strong>
<a href="http://slate.msn.com/id/2079549/">
Bush's Cyberstrategery: The administration's war against a bogus threat </a>,
Slate,
March 3, 2003.
</strong></font><br>
Brendan Koerner's thorough dissmissal of the total unreality and FUD
surrounding the Bush Administration's recent
<a href="http://www.whitehouse.gov/pcipb/">National Strategy
to Secure Cyberspace</a>, NIPC, vendors and others who profit by
big-lie-hyping the threat of system crackers into a new force to be
made war upon, like the "war" on drugs and the "war" on terrorism.
Concludes: "... the bulk of the report's solutions are lame. Most
are meaningless jargon, such as suggesting that "future components
of the cyber infrastructure are built to be inherently secure and
dependable for their users." A fantastic sentiment, but as mushy
as stating that the president is "for the children." What about
making software vendors liable for bug-ridden products? Or rooting
out insecure Microsoft products like the troubled SQL server in favor
of more secure open-source solutions like
<a href="http://www.openbsd.org/">OpenBSD</a>?"
I can scarcely believe that Slate's owner Microsoft is paying
them to write this stuff (nor that Koerner thinks OpenBSD is a database :-)).
Finally: "Nothing so bold is forthcoming in the Strategy. Which is
yet another indicator that the czars of national computer security
are perfectly content to tease out the hyperbole in perpetuity.
The bigger the perceived threat, the greater their importance inside
the Beltway."
<p>
</ul>
<h2>January, 2003</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://kerneltrap.org/node.php?id=568">
Feature: OpenBSD's Battle For UltraSparc III Documentation</a>,
Kerneltrap, January 26, 2003.
</strong></font><br>
Jeremy Andrews writes a report about how he tried to contact Sun and make
them explain their position concerning their "open" architecture
UltraSparc-III - and fails due to Sun's no response politics.
<p>
<li><font color="#009000"><strong>
<a href="http://www.egovos.org/pdf/dodfoss.pdf">Use of Free and
Open-Source Software (FOSS) in the U.S. Department of Defense</a>,
MITRE Report Number MP 02 W0000101, revised January 2, 2003
</strong></font><br>
Prepared by The MITRE Corporation for DISA (Defense Information Systems Agency),
this report analyses how DOD uses open source software.
The summary talks briefly about various terms (free, open source, etc.),
then talks about the survey itself, one question of which was
"... the hypothetical question ...
of what would happen if FOSS software were banned in the DoD."
<br>
"The main conclusion of the analysis was that FOSS software plays
a more critical role in the DoD than has generally been recognized.
FOSS applications are most important in four broad areas: Infrastructure
Support, Software Development, Security, and Research. One unexpected
result was the degree to which Security depends on FOSS. Banning
FOSS would remove certain types of infrastructure components (e.g.,
<a href="http://www.openbsd.org/">OpenBSD</a>) that currently help
support network security.
It would also limit DoD access to, and overall expertise in, the use of
powerful FOSS analysis and detection applications that hostile groups could
use to help stage cyberattacks. Finally, it would remove the
demonstrated ability of FOSS applications to be updated rapidly in
response to new types of cyberattack. Taken together, these factors
imply that banning FOSS would have immediate, broad, and strongly
negative impacts on the ability of many sensitive and security-focused
DoD groups to defend against cyberattacks."
<br>
So, let's hope the policy wonks read this report.
<p>
</ul>
<h2>December, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://news.com.com/2100-1001-975941.html">
Open-Source clan in spat with Sun</a>,
CNET News.com, December 04, 2002.
</strong></font><br>
Report about Sun refusing to give proper documentation for their
UltraSPARC III CPUs to the OpenBSD project without signing a NDA.
<p>
<li><font color="#009000"><strong>
<a href="http://www.heise.de/newsticker/data/anw-04.12.02-006/">
[German] Sun blockiert OpenBSD</a>,
Heise News-Ticker, December 04, 2002
</strong></font><br>
Sun refusing to give proper documentation of their UltraSPARC III cpu
to the OpenBSD project without signing a NDA.
<p>
<li><font color="#009000"><strong>
<a href="http://www.eweek.com/article2/0,3959,743002,00.asp">
OpenHack 2002 Downloads</a>,
eWeek, December 03, 2002.
</strong></font><br>
eWEEK used OpenBSD as their four firewalls, mail-, web- and dns-server
in their annual OpenHack security test.
<p>
</ul>
<h2>October, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/10/31/ssn_openbsd.html">
Securing Small Networks With OpenBSD, Part 9:
Simple Things to Improve Your System's Security</a>,
O'Reilly Network, October 31, 2002.
</strong></font><br>
Learn how to further improve the security of the system like using
file flags, disallowing root login via OpenSSH or creating and using
md5 digests.
<p>
<li><font color="#009000"><strong>
<a href="http://www.eweek.com/article2/0,3959,640713,00.asp">
OpenBSD 3.2 is back on track</a>,
eWeek, October 18, 2002.
</strong></font><br>
A nice summary of the developers recent struggle to secure the system
even more. The article sums up those new features and recommends OpenBSD
especially for "those edge-of-the-network spots where things have to be
right the first time."
<p>
</ul>
<h2>August, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/08/22/ssn_openbsd.html">
Securing Small Networks With OpenBSD, Part 8: Managing Advanced PF Logs</a>,
O'Reilly Network, August 22, 2002.
</strong></font><br>
Using Perl to improve the "readpflog" script from
<a href="http://www.onlamp.com/pub/a/bsd/2002/07/25/ssn_openbsd.html">
part 6</a>.
<p>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/08/08/ssn_openbsd.html">
Securing Small Networks With OpenBSD, Part 7:</a>,
O'Reilly Network, August 08, 2002.
</strong></font><br>
Improving the security of remote logging and learning how to calculate
the necessary space for logging is the target of this part of the series.
<p>
<li><font color="#009000"><strong>
<a href="http://urtica.linuxnews.pl/">
[Polish] OpenBSD and Linux</a>,
LinuxNews Radio, August 2, 2000
</strong></font><br>
Bartek Rozkrut (aka Madey), made a guest appearance on LinuxRadio, speaking
about differences between OpenBSD and Linux. During the show, listeners were
able to comment and ask questions on IRCNET's #linuxnews channel. The main
criticism was that OpenBSD doesn't support SMP and isn't available for the
IA-64 platform. LinuxNEWS is the biggest polish Linux news service, covering
the entire Linux scene in Poland.<br>
<i>Here's the
<a href="http://urtica.linuxnews.pl/radio/audycja7.mp3">MP3</a></i>.
<p>
</ul>
<h2>July, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/07/25/ssn_openbsd.html">
Securing Small Networks With OpenBSD, Part 6</a>,
O'Reilly Network, July 25, 2002.
</strong></font><br>
Archiving pf log files using a monitoring station is how the
<a href="http://www.onlamp.com/pub/ct/58">series</a> continues.
<p>
<li><font color="#009000"><strong>
<a href="http://ezine.daemonnews.org/200207/transpfobsd.html">
HOWTO: Transparent Packet Filtering with OpenBSD</a>,
Daemonnews E-Zine, July 01, 2002.
</strong></font><br>
Another article describing a transparent bridging firewall with OpenBSD,
this time using pf.
<p>
</ul>
<h2>June, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/06/20/openbsd.html">
Securing Small Networks With OpenBSD, Part 5</a>,
O'Reilly Network, June 20, 2002.
</strong></font><br>
The <a href="http://www.onlamp.com/pub/ct/58">series</a> is continued with
an article about the secret life of pf log files, or better
their rotation.
<p>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/06/06/ssnwopenbsd.html">
Securing Small Networks With OpenBSD, Part 4</a>,
O'Reilly Network, June 06, 2002.
</strong></font><br>
More material about pf, this time describing how to do proper logging in pf.
<p>
</ul>
<h2>April, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/04/25/securing.html">
Securing Small Networks With OpenBSD, Part 3</a>,
O'Reilly Network, April 25, 2002.
</strong></font><br>
Another article in this <a href="http://www.onlamp.com/pub/ct/58">series</a>,
describing how packets are handled by pf, and how sendmail can get problems
if you set your firewall up like told in article 1 and 2.
<p>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/04/11/securing.html">
Securing Small Networks With OpenBSD, Part 2</a>,
O'Reilly Network, April 11, 2002.
</strong></font><br>
The successor of an article covering OpenBSD 2.9 and ipf, this article
covers OpenBSD 3.0 and pf. Basics of pf and translation of firewall rules
from ipf to pf are the main topics.
<p>
</ul>
<h2>March, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-1107-863169.html">
Want a Windows alternative? Try BSD</a>,
ZDNet News AnchorDesk, March 19, 2002.
</strong></font><br>
Pretty good commentary about the three BSD. Author talks about why people might
want to look at the various BSD instead of Linux. It especially praises
OpenBSD's development methodologies and security by default attitude.
<p>
</ul>
<h2>February, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2002/02/28/openbsd.html">
Securing Small Networks With OpenBSD, Part 1</a>,
O'Reilly Network, February 28, 2002
</strong></font><br>
The beginning of a series about OpenBSD as a firewall, using ipf as the packet filter,
and thus less up-to-date than the rest of the series, which uses pf.
<p>
<li><font color="#009000"><strong>
<a href="http://theregister.co.uk/content/55/24239.html">
Woz blesses Captain Crunch's new box</a>,
The Register, February 27, 2002
</strong></font><br>
Andrew Orlowski talking to Steven Wozniak about Captain Crunch's new CrunchBox,
a Firewall/IDS system running OpenBSD 2.9 and snort together with some custom-written heuristics.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2002/February/Features642.html">
Parents: OpenBSD Is Superior</a>,
BSD Today, February 27, 2002
</strong></font><br>
Ben Goren tells us, why he prefers OpenBSD instead of a well known Linux distribution
on the desktop of his parents.
<p>
<li><font color="#009000"><strong>
<a href="http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html">
Memoirs of an invisible firewall</a>,
openlysecure.org, February 13, 2002
</strong></font><br>
An older article discussing the usage of OpenBSD as a bridged firewall
using IPFilter.
<p>
<li><font color="#009000"><strong>
<a href="http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2846265,00.html">
BSD operating systems: Perspective</a>,
ZDNet Tech Update, February 13, 2002
</strong></font><br>
A discussion about the three free BSDs and BSD/OS as competitors to Linux and commercial
Unices. Mary Hubley overviews themes beginning from the history of BSD to the future
perspectives of the four OS.
<br>
The OpenBSD review stresses the security of the OS as well as integrated crypto
mechanisms like OpenSSH, IPsec or Kerberos.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osopinion.com/perl/story/16160.html">
OpenBSD as an example for Microsoft would-be improvements in
software and security</a>,
OS Opinion, February 5, 2002
</strong></font><br>
Following Microsoft's purposed announcement to address
security issues in its code, the author of this article sets
OpenBSD as the only example known to him of an OS which is
regularly audited for security problems in its source code.
He warns other Operating Systems to start taking security as a
serious issue and says: "<em>Should Microsoft have even
a fraction of success in finding and squashing bugs that
OpenBSD has had, other OS developers might find themselves in
a bad position soon.</em>"<br>
Not bad for a marketing campaign, though Microsoft's records
offer no credibility ... whereas OpenBSD has proved it's a
security conscious team beyond doubt.
<p>
</ul>
<h2>January, 2002</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2002/January/Features617.html">
A commercial hosting company implements OpenBSD: An
Interview</a>,
BSD Today, January, 2002
</strong></font><br>
Open Source writer Robert Bernstein talks to Chris Nadovich,
owner and operator of a web and Unix shell hosting venture.
C. Nadovich tells about how they migrated from their early
SysV systems to Linux and finally to BSD, which he explains in
terms of their security concern "<em>It was the rise of
evil in the networking world that opened our eyes to some
"compelling differences" and eventually brought us to
OpenBSD.</em>".<br>
In all, a very good article on how an experienced Internet
services provider business ended up with OpenBSD as their OS
of choice.
<p>
</ul>
<h2>December, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2001/December/News604.html">
OpenBSD 3.0 officially released</a>,
BSD Today, December, 2001
</strong></font><br>
OpenBSD 3.0 release announcement on BSD Today.
<p>
<li><font color="#009000"><strong>
<a href="http://www.itworld.com/nl/unix_insider/12182001/">
OpenBSD 3.0 Debuts</a>,
ITworld, December 18, 2001
</strong></font><br>
Features the OpenBSD 3.0 release announcement and some
comments from Theo de Raadt on this new version.
<p>
</ul>
<h2>November, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.kerneltrap.org/article.php?sid=389">
Interview with Theo de Raadt</a>,
kerneltrap.org, November 26, 2001
</strong></font><br>
Jeremy Andrews on an extensive interview with Theo de Raadt.
Most of the interview are interesting questions and answers,
but Theo seems to enjoy some of the questioning, like when he
is asked about Soft Updates or the current state of OpenBSD's
new packet filter, PF, offering then an expanded view on the
subjects. Worth a read.
<p>
<li><font color="#009000"><strong>
<a href="http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2822483,00.html">
OpenBSD: The most secure OS around</a>,
ZDNet, November 6, 2001
</strong></font><br>
IT columnist and former NASA and DoD network administrator and
programmer Steven Vaughan-Nichols, praises the OpenBSD
security audits and the team's search for potential problems
and its resolution to fix them <strong>before</strong> they
can develop into security holes: <em>"Unlike
most operating system vendors, the OpenBSD crew is proactive
rather than reactive to security problems."</em><br>
Then goes on naming OpenBSD's <em>secure by default</em>
policy, Kerberos authentication protocol implementation, and
TCP/IP stack built-in IPsec protocol, as ready to use VPN
solutions whereas they are options to be installed and applied
on other operating systems.<br>
Furthermore, he writes he agrees with Theo de Raadt while
quoting him saying <em>"security is usually increased by
removing stuff, not by adding more junk"</em> in that
it's easier to keep something simple secure.
<p>
<li><font color="#009000"><strong>
<a href="http://www.byte.com/documents/s=1778/byt20011031s0004/">
Operating System 2010</a>,
Byte, November 5, 2001
</strong></font><br>
A look into the near future for Operating Systems evolution,
covering the level of software integration into the core
system, OS built-in security, server and client distinction,
and open, hybrid or closed models. Steven J. Vaughan-Nichols
shows these perspectives from various OS speakers point of
view, where the UNIX model in general, and OpenBSD model in
particular, have a lot to say in this matter.
<p>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/articles/tc/xml/01/11/05/011105tcbsd.xml">
BSD's strength lies in devilish details</a>,
InfoWorld November 2, 2001
</strong></font><br>
By Tom Yager. In a comparison of the BSD-derived systems with
those based in the Linux kernel, the author underlines the
stability and security strengths of the BSDs. He brands
OpenBSD as the <em>cop</em> of the group, remarking the fact
that <em>"has never been breached to allow privileged
access to an OpenBSD server"</em>.
<p>
</ul>
<h2>October, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/articles/op/xml/01/10/29/011029opsource.xml">
Already a Contender</a>,
InfoWorld, October 29, 2001
</strong></font><br>
Open source consultant Russell Pavlicek advocates on open
source software in response to an article which claimed that
open source cannot innovate. He refutes this claim naming a
few open source software such as sendmail, apache or BIND, ...
<em>Oh, and if you are tired of IIS being hacked, try Apache
under OpenBSD for a much secure Web presence.</em>
<p>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-1107-504079.html">
How Code Red revealed the perils of port 80</a>,
ZDNet, October 2, 2001
</strong></font><br>
IT writer, Stephan Somogyi, and Counterpane Systems' CTO,
Bruce Schneier, in an article about the effects and
consequences of the Code Red worm which attacked Webservers
running the IIS from Microsoft, the merits of reliability
instead of new features are discussed. As a positive example
they use OpenBSD.
<p>
</ul>
<h2>August, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.nas.nasa.gov/About/Media/announcements.html#alert_8_23_01">
OpenBSD firewall gateway at NASA's Advanced Supercomputing
Division</a>,
August 23, 2001
</strong></font><br>
The network security group in the NASA Advanced Supercomputing
(NAS) Division implements a firewall gateway with OpenBSD
which was deployed, according to the NASA announcement, to
<em>addresses the well-known problems of the 802.11b standard
wireless systems -- with a minimum of time and
investment</em>.<br>
The implementation details can be seen on their
<a href="http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html">Wireless Firewall Gateway White Paper</a>.
<p>
<li><font color="#009000"><strong>
<a href="http://www.ciberpais.elpais.es/d/20010816/cibersoc/soc1.htm">
[Spanish] HAL 2001 coverage</a>,
Ciberpaís (El País), August 16, 2001
</strong></font><br>
The online edition of this major Spanish newspaper offers a
short coverage of <a href="http://www.hal2001.org">HAL
2001</a>. The author pays attention to the stickers on the
laptops and t-shirts on people, which appeared to him like
<em>"a medieval tournament where the most powerful ones
showed their war banners: <strong>OpenBSD</strong>, CCC,
A Cypherpunks, 2600, Indymedia..."</em>
<p>
<li><font color="#009000"><strong>
<a href="http://www.unixreview.com/documents/s=1232/urm0108m/">
Thinking about Security</a>,
Unix Review, August 2001
</strong></font><br>
Following the Code Red worm hit of ISS, Joe "Zonker"
Brockmeier takes a tour through systems administration
security and says that even secured operating systems running
Apache like OpenBSD and others have security issues from time
to time.<br>
Oh well, we'll have to live with not having a total secure
system and just the most secure system.
<p>
<li><font color="#009000"><strong>
<a href="http://www.samag.com/documents/s=1147/sam0108m/">
Homebrew Intrusion Detection Systems</a>,
SysAdmin, August 2001
</strong></font><br>
Chris Kuethe goes one step ahead of installing network
intrusion detection systems and writes on how to make the
right environment for these tools and how to put them to work
instead, for which he takes OpenBSD as the platform of his
choice:<br>
<em>"To the best of my knowledge (reproducible evidence
to the contrary is welcome) OpenBSD has the fastest IP stack
available (although all BSD-derived operating systems have
good network code) and an enviable security record. The
network monitor is unique in that it is often outside of any
network security devices and as such must be well
armored."</em><br>
For the references, he points out that <em>"OpenBSD has
thorough documentation; almost everything you'll ever need to
know about making your analysis station be well behaved and
stable can be found in the man pages or the FAQ."</em>
<br>
Bravo!
<p>
</ul>
<h2>July, 2001</h2>
<ul>
<li><font color="#009000"><strong>
An article on <a href="http://www.sun.com/blueprints/0701/openSSH.html">
Sun's Solaris Blueprints Online series</a>
</strong></font>
talks about OpenSSH as a good replacement for telnet, rlogin, and friends.
The article goes on to say:
<br>"OpenSSH is managed by the OpenBSD team. OpenBSD is an open
source operating system based on BSD 4.4-Lite and is available for
free. A major goal of the OpenBSD project is to create a secure
operating system by auditing source code, fixing security problems
quickly, and integrating security tools and cryptographic software..."
<p>
</ul>
<h2>June, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.internetweek.com/reviews01/rev061801.htm">
The OS X Files: Apple's updated operating system looks to the Internet</a>,
InternetWeek, June 18, 2001
</strong></font><br>
On a review of the Mac OS X, Larry Loeb addresses the question
on how the change from Mac OS to Mac OS X will affect security
by saying:<br> <em>"[...] the Unix layer is based on OpenBSD,
one of the most secure Unix distributions out there."</em>
<p>
<li><font color="#009000"><strong>
<a href="http://www.itviikko.fi/uutiset/uutinen.asp?UutisID=46057">
[Finnish] ITviikko - uutinen</a>,
June 14, 2001 </strong></font><br>
A short article about IPF threatening the OpenSource Principles of OpenBSD,
and thus IPF will be removed from OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://nyheter.idg.se/display.asp?id=010613-CS3">
[Swedish] Computer Sweden</a>,
June 13, 2001</strong></font><br>
Picked up on OpenBSD 2.9 press release.
<p>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-11-530016.html">
Strife and success in the land of open source</a>,
ZDNet News, June 11, 2001
</strong></font><br>
Stephan Somogyi reviews the latest issue with the IPF license and
examines why the OpenBSD team made the decision of removing it from
its source tree altogether. But <em>"code talks, and OpenBSD has
spoken quite eloquently in the past"</em>, writes Somogyi. Later
on the article he comments on the team's <em>licence audit</em> through
the OpenBSD source code and Wietse Venema's decision to change his
tcp_wrappers' licence after a talk with Theo de Raadt.
<br>
To make up for the stormy issue that IPF's licence has meant for the
Open Source community, in the last lines of this article Somogyi writes
a small review of our latest release, OpenBSD 2.9, which he calls an
<em>"unheralded open source success story"</em>.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2001/June/Features496.html">
Interview with Wietse Venema about his tcp_wrappers license</a>,
BSD Today, June 1, 2001
</strong></font><br>
Doing more research about licenses in the BSD tree, Jeremy C. Reed found that the license of
the tcp_wrappers wasn't compliant with the BSD goals. The following interview with Wietse Venema
caught the eye of Theo de Raadt, who had a lengthy and fun discussion about the license with Wietse.
<br>
The new
<a href="ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license">license</a>
of tcp_wrappers is now free, as is the
<a href="ftp://ftp.porcupine.org/pub/security/logdaemon_license">license</a> on logdaemon!
<p>
</ul>
<h2>May, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://false.net/ipfilter/2001_05/0332.html">Re: IPFilter 3.4 update. </a>,
Darren Reed, IPFilter mailing list archive, May 19, 2001<br>
<a href="http://lwn.net/2001/0524/#ipfilter">BSD is not free software?</a>,
LWN weekly news, May 24, 2001<br>
<a href="http://www.bsdtoday.com/2001/May/News489.html">IP Filter License change?</a>,
Jeremy C. Reed, BSD Today, May 24, 2001<br>
<a href="http://www.deadly.org/article.php3?sid=20010527142347">
Changes in IPFilter license to affect OpenBSD?</a>,
Dengue, OpenBSD Journal, May 27, 2001<br>
<!-- <a href="http://securityportal.com/articles/ipf20010528.html"> -->
IPF: Free no more?,
Kurt Seifried, Security Portal, May 28, 2001 <br>
<a href="http://slashdot.org/article.pl?sid=01/05/28/1225224&mode=thread">IPF License Change: Redistribution Not Allowed</a>,
Timothy, Slashdot, May 28, 2001<br>
<a href="http://slashdot.org/article.pl?sid=01/05/28/0610252&mode=thread">Changes in IPFilter License</a>,
Hemos, Slashdot, May 28, 2001 <br>
<a href="http://www.deadly.org/article.php3?sid=20010530141105">
IPF removed from OpenBSD</a>,
Dengue, OpenBSD Journal, May 30, 2001<br>
<a href="http://linuxtoday.com/news_story.php3?ltsn=2001-05-30-001-20-NW-BD">IPFilter Comes Out of OpenBSD CVS</a>,
Theo de Raadt, Linux Today, May 30, 2001<br>
<a href="http://news.cnet.com/news/0-1003-200-6119988.html">Open-source spat spurs software change</a>,
Stephen Shankland, CNET.com - Tech News, May 30, 2001<br>
<a href="http://nyheter.idg.se/display.asp?id=010531-cs14"> [Swedish] Computer
Sweden</a>, May 31, 2001<br>
<a href="http://lwn.net/2001/0531/a/ipfilter-gone.php3">ipf (more)</a>,
Theo de Raadt, LWN weekly news, May 31, 2001<br>
<a href="http://lwn.net/2001/0601/">IP Filter licensing followup.</a>,
LWN weekly news, June 1, 2001<br>
<a href="http://www.bsdtoday.com/2001/June/Features495.html">
BSD project goals, IP Filter licensing, and Darren Reed interview</a>,
Jeremy C. Reed, BSD Today, June 1, 2001<br>
<a href="http://www.computerworld.com/cwi/story/0,1199,NAV47_STO61038,00.html">
OpenBSD drops firewall program in licensing dispute</a>,
Todd R. Weiss, ComputerWorld, June 1, 2001<br>
<a href="http://slashdot.org/article.pl?sid=01/06/03/1911246&mode=thread">Changes in IPFilter License</a>,
Hemos, Slashdot, June 3, 2001<br>
<a href="http://www.newsforge.com/article.pl?sid=01/06/06/169245&mode=thread">
OpenBSD and ipfilter still fighting over license agreement</a>,
NewsForge, June 6, 2001<br>
<a href="http://slashdot.org/article.pl?sid=01/06/25/1557213">
OpenBSD gets brand-new packet filter</a> <em>(Slashdot echoes OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> development.)</em>,
Slashdot, June 25, 2001<br>
</strong></font><br>
Many articles and discussions follow after Darren Reed clarified the license of his
<a href="http://coombs.anu.edu.au/~avalon/ip-filter.html">IP Filter</a> software.<br>
Because IPF is not <a href="http://www.opensource.org">Open Source</a> and does not qualify for
<a href="goals.html">OpenBSD licence rules</a>, IPF was removed from future release,
and will be replaced with a free alternative.
<p>
<li><font color="#009000"><strong>
<a href="http://www.seifried.org/security/os/20011107-linux-openbsd.html">
Why Linux Will Never Be as Secure as OpenBSD</a>,
SecurityPortal (now at Seifried's site), May 16, 2001
</strong></font><br>
As a followup to his article one week before, titled
<a href="http://www.seifried.org/security/os/20011107-openbsd-linux.html">"Why OpenBSD will never be as secure as Linux"</a>,
Kurt Seifried comes to the conclusion that clean and good
programming is more important than dozens of features and
add-ons, therefore OpenBSD users are in a better position.
<p>
<li><font color="#009000"><strong>
<a href="http://news.com.com/2100-1001-257013.html">
Flaw found in common Internet standard</a>,
ZDNet News, May 3, 2001
</strong></font><br>
Robert Lemos talks about the <a href="http://www.cert.org">CERT</a>
<a href="http://www.cert.org/advisories/CA-2001-09.html">warning</a>
concerning the Initial Sequence Numbers (ISN), which could be used to hijack
TCP connections of several OS's, but not so with OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://nyheter.idg.se/display.asp?id=010503-cs7">
[Swedish] Computer Sweden</a>,
May 3, 2001</strong></font><br>
A report on FreeBSD really, but with an explicit statement of OpenBSD
being best of brand when it comes to security.
<p>
</ul>
<h2>April, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://razor.bindview.com/publish/papers/tcpseq.html">
Strange Attractors and TCP/IP Sequence Number Analysis</a>,
Razor Bindview, April 21, 2001
</strong></font><br>
Michal Zalewski reports and provides an overview over the degree of
probability that someone can successfully insert a malicious packet
into your TCP connection.<br>
In a series of pretty graphs, several OS are covered, including
Windows 9x, ME and 2000, Solaris, Linux and the BSD family.<br>
Good scoring for OpenBSD, we're nearly safe up to 2.8, and
completely safe from 2.9 on.
<p>
<li><font color="#009000"><strong>
<a href="http://nyheter.idg.se/display.asp?id=010420-cs6">
[Swedish] Computer Sweden</a>,
April 20, 2001</strong></font><br>
A statement that Cygate's Service Protector product is based on OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.seifried.org/security/articles/20011015-elias-levy-interview.html">
Abandon hope all ye who enter here</a>,
Security Portal (now at Seifried's site), April 05, 2001
</strong></font><br>
Kurt Seifried interviews Elias Levy, a.k.a. Aleph1 from BugTraq, who
states that <em>"efforts like the one from the OpenBSD project
<strong>are a must</strong>"</em> and then goes further to say
that <em>"systems that have gone through a source code security
audit should include a mandatory tag that says <strong>Lasciate ogne
speranza, voi ch'intrate</strong>"</em>.<br>
Through the interview he also gives a very interesting note on other
complex security models implemented to existing systems, and how
incorrect implementation or configuration of such models results in
vulnerabilities. Security through simplicity... doesn't this sound
familiar?
<p>
</ul>
<h2>March, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/onlamp/2001/03/02/ipv6_ItoJun.html">
IPv6: An Interview with Itojun</a>,
O'Reilly Network, March 2, 2001
</strong></font><br>
Hubert Feyrer interviews Jun-ichiro "itojun" Hagino, one of the
core KAME developers, who integrated the KAME IPv6 stack into OpenBSD and
NetBSD. He's a bit disappointed by the slow deployment of IPv6 -- the router
makers say there is no demand, and the ISPs are waiting for hardware. He
talks also about the other cool projects by KAME and WIDE projects, and says
you've got to visit Japan -- it's the place to be if you're a BSD geek!
<p>
<li><font color="#009000"><strong>
<a href="http://www.infosecuritymag.com/articles/march01/features1_open_source_sec.shtml">
Open source under the hood</a>,
Information Security, March 2001.
</strong></font><br>
More and more commercial software vendors are turning to open source software,
including OpenBSD, to provide the building blocks for their products. Columnist
Pete Loshin discusses the security implications.
<p>
<li><font color="#009000"><strong>
<a href="http://www.net-security.org/text/articles/mostsecure.shtml">
Your Opinion: "Most Secure OS"</a>,
Help Net Security, March 2001
</strong></font><br>
Out of 340 reader opinions, the editors picked five, two of which opined
that OpenBSD had the clear lead to the title of "Most Secure OS".
<p>
</ul>
<h2>February, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.thedukeofurl.org/reviews/misc/openbsd28/">
Review: OpenBSD 2.8</a>,
The Duke of URL, February 9, 2001
</strong></font><br>
A very thorough review of OpenBSD 2.8 by Patrick Mullen, trying it on both
Intel and AMD hardware, showing screen shots of the installation process.
Oh, by the way, he refutes that earlier review that complained OpenBSD
wouldn't run on VMware. Here's a toast to reviewers who do their homework.
<p>
<li><font color="#009000"><strong>
<a href="http://geodsoft.com/howto/harden/">
Hardening OpenBSD Internet Servers</a>,
GeodSoft, February 7, 2001
</strong></font><br>
Not really a press article, but this how-to has good pointers on locking down
an OpenBSD server, including how to create a recovery CD to minimize site
downtime (hey, hardware breaks). The tips apply also to other operating systems.
<p>
</ul>
<h2>January, 2001</h2>
<ul>
<li><font color="#009000"><strong>
<u>Global geeks bet on open source</u>,
The Globe and Mail, January 29, 2001
</strong></font><br>
Columnist Jim Carroll uses the latest round of attacks on Microsoft sites
to drum up a bit more business for open source software, including OpenBSD,
<em>"which is known for its absolutely bedrock security"</em>.
<br>(Print only).
<p>
<li><font color="#009000"><strong>
<a
href="http://www.newsforge.com/article.pl?sid=01/01/29/1718219">
Theo de Raadt gives it all to OpenBSD</a>,
NewsForge, January 29, 2001
</strong></font><br>
This time, Open Source people profiler Julie Bresnick interviews Theo de Raadt,
lead developer of OpenBSD, about how he started, the OpenBSD
"family", hacking, conferences, friends, beer and mountain bikes.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2001/January/News394.html">Tucows
BSD Channel is no more</a>,
BSD Today, January 24, 2001
</strong></font><br>
Editor Jeremy Reed fails to shed a tear for the poorly edited (and often
openly hostile) bsd.tucows.com site.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.newsforge.com/article.pl?sid=01/01/16/0333216">
With Snoopy's Eriksen, the more things change, the more they stay the same</a>,
NewsForge, January 16, 2001
</strong></font><br>
In another quirky Open Source people profile, NewsForge columnist Julie
Bresnick interviews Aamodt Eriksen, author of the Snoopy command logger, who
runs OpenBSD on his ThinkPad and acknowledges as a role model, among others,
our own Theo de Raadt.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.bsdtoday.com/2001/January/Features379.html">
A lot of misinformation about BSD</a>,
BSD Today, January 6, 2001
</strong></font><br>
Editor Jeremy Reed takes the bsd.Tucows.com BSD reviewers to task for some
inaccurate and ill-informed reviews, like the one that said that OpenBSD was
licensed under the GPL (hint, it's anything but -- see our
<a href="policy.html">policy page</a>. [Note Jan.24: bsd.tucows.com has been
shut down.]
<p>
<li><font color="#009000"><strong>
<a href="http://www.ddj.com/documents/s=865/ddj0165a/">
Theo de Raadt, Todd Miller, Angelos Keromytis, Werner Losh, and Jack Woehr
at "A Roundtable on BSD, Security, and Quality"</a>,
Dr. Dobb's, January, 2001
</strong></font><br>
Contributing Editor Jack Woehr moderated a roundtable with four
key members of the BSD movement at the recent USENIX Security Symposium 2000.
<p>
</ul>
<h2>December, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a
href="http://eltoday.com/article.php3?ltsn=2000-12-26-001-13-PS">
Florist.com Blossoms with Open Source E-Commerce Software from Akopia</a>,
Enterprise Linux Today, December 26, 2000
</strong></font><br>
On-line flowers for Hollywood glitterati? OpenBSD in the supporting cast. Story
by John Wolley
<p>
<li><font color="#009000"><strong>
<a
href="http://www.theregister.co.uk/content/4/15614.html">
OpenBSD exploit gets serious</a>,
The Register, December 20, 2000
</strong></font><br>
OpenBSD developers upgrade the importance of an esoteric buffer overflow in the
FTP daemon after an exploit is published (ftpd is not enabled by default in
OpenBSD).
<p>
<li><font color="#009000"><strong>
<a
href="http://slashdot.org/article.pl?sid=00/12/11/1455210&mode=thread">Theo de
Raadt Responds</a>, Slashdot, December 11, 2000
</strong></font><br>
Lead developer Theo de Raadt answers reader questions moderated by Slashdot
editor Roblimo. The mass interview covers a seriously wide range of topics:
sharing the code auditing experience, securing the <a href="ports.html">ports
tree</a>, books of various colours, secure coding practices, hardware, patches
and hindsight.
<p>
<li><font color="#009000"><strong>
<a href="http://www.itbusiness.ca/index.asp?theaction=61&sid=27059">
OpenBSD Updated</a>, Computer Dealer News, December 8, 2000
</strong></font><br>
A small article on 2.8 release and CD sales.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.maccentral.com/news/0012/07.openbsd.shtml">OpenBSD 2.8 runs on G3/G4 machine</a>, MacCentral Online,
December 7, 2000
</strong></font><br>
OpenBSD 2.8 has been released -- it's free -- and will now run on
iMac, G3, G4, and G4 Cube machines. And if that is Greek to you, let
us explain.
<p>
<li><font color="#009000"><strong>
<a href="http://seifried.org/security/technical/20020307-kernel-options.html">
System and Network Security - Kernel Options</a>,
Kurt's Closet, Security Portal,
December 6, 2000
</strong></font><br>
Going beyond the usual security measures means looking at some often
neglected kernel options and settings. Kurt Seifried looks at kernel
options under OpenBSD, Linux and Solaris.
<p>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.co.jp/macwire/0012/06/c_opinion.html">
[Japanese] Opinion: why I use OpenBSD</a>,
MacWIRE Online, ZDNet Japan, December 6, 2000
</strong></font><br>
Translation of Stephan Somogyi's opinion piece, explaining why he runs
OpenBSD. Some might argue that his example security flaw,
open spam relays, is really no big deal, but we think it raises an
important point: if an OS or mail system ships with relaying open by default,
what message does that send about that system's resistance to less trivial
attacks. He also chides Intel and 3Com for not providing driver
documentation to allow their IPsec networking cards to be used.
<p>
<li><font color="#009000"><strong>
<a
href="http://macweek.macworld.com/2000/12/03/1204bsd.html">
Why I use OpenBSD</a>, MacWeek, December 4, 2000
</strong></font><br>
Stephan Somogyi explains why he runs OpenBSD, largely due to OpenBSD's
emphasis on security. Some might argue that his example security flaw,
open SPAM relays, is really no big deal, but we think it raises an
important point: if an OS or mail system ships with relaying open by default,
what message does that send about that system's resistance to less trivial
attacks. He also chides Intel and 3Com for not providing driver
documentation to allow their IPsec networking cards to be used.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.upside.com/texis/mvm/open_season?id=3a26ad1a2">BSD
community learns to get along</a>, Open Season, Upside Today, December 1, 2000
</strong></font><br>
OpenBSD gets a passing mention in this cheerleader piece by Sam Williams about
the wide distribution potential of the BSD-derived Mac OS X.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2000/December/News345.html">
OpenBSD 2.8 officially released</a>, BSD Today, December, 2000
</strong></font><br>
OpenBSD 2.8 official release announcement on BSD Today.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.ddj.com/documents/s=875/ddj0065o/">
The Future of OpenBSD: A Conversation with Theo de Raadt</a>,
Dr. Dobbs Journal, December 2000
</strong></font><br>
Contributing editor Jack J. Woehr's interview with Theo de Raadt at Usenix
Security Symposium 2000 gives a bit of insight about project dynamics, where
the OS is headed, and on how the security audit evolved from a hunt for
security holes to a philosophy of correct and bug-free programming.
<p>
</ul>
<h2>November, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://zdnet.com.com/2100-1107-503171.html">
BSD to leapfrog Linux</a>, ZDnet Linux Opinion, November 29, 2000
</strong></font><br>
A somewhat speculative article by Henry Kingman based on recent the recent
flurry of releases, new products and conference activity from the BSD world.
<p>
<li><font color="#009000"><strong>
<a href="http://macweek.macworld.com/2000/11/19/1123somogyi.html">
<!-- http://www.zdnet.com/zdnn/stories/comment/0,5859,2657124,00.html" -->
Is Darwin getting due respect?</a>, MacWeek, November 23, 2000
</strong></font><br>
Stephan Somogyi dismisses Apple's open source offering as "opportunistic",
Darwin, and sneaks in a tip of the hat to OpenBSD.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.nwfusion.com/columnists/2000/1120works.html">Beyond Windows
and Linux: Discovering the BSDs</a>, NetworkWorld Fusion, November 20, 2000
</strong></font><br>
Worried that Linux will be de-stabilized by the hype machine? Paul Hoffman
suggests a serious look at the BSD-based operating systems.
<p>
<li><font color="#009000"><strong>
<a href="http://www.thelinuxgurus.org/linuxopenbsdfirewalls.shtml">Building
Linux and OpenBSD Firewalls</a>, book review, The Linux Gurus, November 18, 2000
</strong></font><br>
In this detailed review of the Sonnenreich & Yates
<a href="http://www.openbsd.org/books.html">firewalls book</a>, the unnamed
author concludes that the authors aren't paranoid enough in stripping down
the firewall system to the bare essentials.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.vnunet.com/Features/1113887">What the future holds for
Unix</a>, vnunet.com, November 10, 2000
</strong></font><br>
Dave Cartwright dons the weird robes and gazes into the crystal ball for
the future of big-iron UNIX, Linux and BSD. Best quote in the article:<br>
<em>"Linux, FreeBSD and OpenBSD will continue to flourish due to their
openness, price, quality and attitude."</em>. Quality, that's us (and
much of the attitude too).
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://www.sunworld.com/sunworldonline/swol-11-2000/swol-1110-silicon.html"> -->
<u>BSDCon 2000: A small, tasty conference</u>, Sun World, November 2000
</strong></font><br>
Silicon Carny columnist Rich Morin reviews BSD Con 2000. He gives an overview
of the five BSD variants available and a bit of atmosphere from the conference.
<p>
</ul>
<h2>October, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/closet/closet20001025.html"> -->
<u>Auditing Code, Kurt's Closet</u>, Security Portal, October 31, 2000
</strong></font><br>
Kurt Seifried interviews John Viega, author of the ITS4 code auditing
system. While he acknowledges the value of OpenBSD's strictly
expert-based auditing process, he argues that using even an imperfect
auditing tool is better than no audit at all.
<p>
<li><font color="#009000"><strong><a
href="http://www.zdnet.com/intweek/stories/news/0,4164,2644279,00.html">Linux
Boosts Unix</a>, ZDnet Inter@ctive Week, October 23, 2000
</strong></font><br>
Charles Babcock suggests that Unix and freenix OSes like Linux and
OpenBSD are putting the squeeze on Microsoft Windows 2000's share of
the high end server market. Not bad for a bunch of hackers who just do
it because they love coding...
<p>
<li><font color="#009000"><strong>
<a href="http://www.stallion.com/html/support/bsdcon-paper.html">Porting
OpenBSD to the Motorola ColdFire</a>, BSDCon, October 18, 2000
</strong></font><br>
Dean Fogarty and David O'Rourke, engineers at Stallion Technologies
Pty Ltd in Australia, presented this paper at BSDCon.<br>
<i>"Making an Internet embedded appliance for public
consumption is not a simple task. Choices including hardware, code
development and user interface design must be made, each of which could
either help or hinder a product. This paper outlines how and why
Stallion Technologies used the Motorola ColdFire CPU and the OpenBSD
operating system to create a successful Internet appliance."</i>
<p>
<li><font color="#009000"><strong>
<!-- a href="http://www.feedmag.com/essay/es405lofi.html" -->
<a href="http://www.guardian.co.uk/weblogarticle/0,6799,194423,00.html">
Cry Hackerdom!</a>, FEED (Guardian Unlimited), October 17, 2000
</strong></font><br>
Brendan Koerner continues his exploration of the digital world with a
visit to this year's Defcon. There's a cameo appearance by Theo de Raadt,
cast as a starving hacker. Before the article sets off a
verge-of-financial-collapse panic on the mailing lists, we'd like to make
a correction: Theo can occasionally afford a pint of Guinness to go with
the pizza.
<p>
<li><font color="#009000"><strong>
<a href="http://rootprompt.org/article.php3?article=1061">Sniping at
OpenBSD</a>, #RootPrompt.org, October 9, 2000
</strong></font><br>
Columnist Noel discusses some of the angry comments made about
OpenBSD's Bugtraq disclosure of a localhost vulnerability . He gets
at the point of the source code audit: it's not to find exploitable
holes, but rather to fix bugs so that they never become security
problems.
<p>
<li><font color="#009000"><strong>
<a href="http://napalm.osuny.co.uk/txt/issue7.txt">Using IPSEC and Samba to integrate Windows Networks</a>, Napalm, October 6, 2000
</strong></font><br>
OpenBSD, IPsec, IPF, Samba and Windows: azure covers it all in this
networking epic about connecting two Windows-based networks over a VPN
- whether they like it or not.
<p>
<li><font color="#009000"><strong>
<a href="http://www.upsidetoday.com/texis/mvm/story?id=39dceffe0.html">
OpenBSD plugs a rare security leak</a>, Upside Today, October 6, 2000
</strong></font><br>
Developer Aaron Campbell is interviewed by Upside reporter Sam Williams
about the recent concern over format string vulnerabilities and how
OpenBSD has responded to the threat.
<p>
<li><font color="#009000"><strong>
<a href="http://www.networkmagazine.com/article/NMG20001003S0001/1">The Pros and Cons of Posting Vulnerabilities</a>, Network Magazine, October 5, 2000
</strong></font><br>
Dissipating the smokescreen of FUD surrounding "full
disclosure" is a never ending thankless task. Rik Farrow shows how
it works by picking a particularly busy day in the life of BUGTRAQ, the
full disclosure security mailing list. He concludes with a tip of the
white hat to OpenBSD:<br>
<i>"The true goal should be to write secure software in the first
place. One Unix version, OpenBSD, gets all of its code audited for
security bugs before it gets shipped."</i>
<p>
<li><font color="#009000"><strong>
<a href="http://www.byte.com/documents/s=448/byt20000927s0001/index.htm">
BSD OSs Offer Unix Alternatives to Linux</a>, Byte, October 2, 2000
</strong></font><br>
In a long-ish article subtitled "<i>For security, scaling,
consider a BSD OS</i>", columnist Bill Nicholls does a survey of the
BSDs. Mostly he summarises the history and quotes the various project
web sites, but this is the kind of article that should benefit
non-technical readers bombarded with Linux advocacy.
<p>
</ul>
<h2>September, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.com/devhead/stories/articles/0,4413,2631312,00.html">
BSD System Takes On Linux</a>,
<!-- a href="http://www.zdnet.com/intweek/stories/news/0,4164,2631373,00.html" -->
Chris Coleman Explains BSD Unix, Inter@ctive Week, September 25, 2000
</strong></font><br>
(Note: the second article is no longer online)<br>
Two BSD related articles in the same mainstream publication, on the same day.
A trend, maybe? The first article, a business-oriented manager's eye view,
credits OpenBSD's proactive security approach for spurring on security
development in the other BSD groups, and even Linux. The second is an
interview with Daemon News editor Chris Coleman which attempts to explain
the various BSDs. The writer clearly hasn't mastered the topic yet, or even
spelled Coleman's name consistently.
<p>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.com/devhead/stories/articles/0,4413,2631312,00.html">
BSD System Takes On Linux</a>, Inter@ctive Week, September 25, 2000
</strong></font><br>
A manager's eye view business-oriented story credits OpenBSD's proactive
security approach for spurring on security development in the other BSD
groups, and even Linux.
<p>
<li><font color="#009000"><strong>
<a href="http://upside.com/texis/mvm/story?id=39b82a2e0">
Primed and ready</a>,
Upside Today, September 7, 2000
</strong></font><br>
An article by Sam Williams about the reaction to RSA Security's pre-emptive
release of RSA into the public domain. The impact on OpenBSD? Minimal --
most users are already taking advantage of the trick to download the ssl
library after installing the OS.
<p>
<li><font color="#009000"><strong>
<u>OpenBSD as a VPN Solution</u> <em>(not available online)</em>,
Sys Admin, September 2000
</strong></font><br>
Alex Withers contributed an article on setting up a VPN with OpenBSD's IPsec
and the ISAKMPD key management daemon. He admits his implementation, though
quite serviceable, only scratches the surface of the capabilities available.
He strongly suggests going through the man pages
(<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vpn&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">vpn(8)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&apropos=0&sektion=0&ma
npath=OpenBSD+Current&arch=i386&format=html">ipsec(4)</a> and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a>) and the OpenBSD
<a href="faq/faq13.html">IPsec FAQ</a> to get the most
out of the system.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osOpinion.com/Opinions/KeithRankin%20/Keith%20Rankin1.html">FreeBSD, OpenBSD and SuSE 6.2 Eval Review</a>, OS Opinion, September 2000
</strong></font><br>
Keith Rankin, a veteran system administrator, rates three operating systems
in terms of usablility and productivity. Despite a lengthy rant about minimalist
installations, <code>vi</code> and a default C shell, he finds nice things to
say about OpenBSD's floppy + 'Net installation, the thorough system probe and
the IP filtering and address translation.
<p>
<li><font color="#009000"><strong>
[German] Das BSD-Ports-Verzeichnis, FreeX Magazin, 4.Quartal 2000
</strong></font><br>
Jörg Braun surveys the <a href="ports.html">Ports</a> system that gives
users easy access to hundreds of net freeware applications. The author covers
the various <code>make</code> options and targets, and also notes OpenBSD's
"fake" installation used to create easily distributable binary
packages as an automatic by-product of building a port.
<p>
</ul>
<h2>August, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.onlamp.com/pub/a/bsd/2000/08/29/OpenBSD.html">
OpenBSD and the Future of the Internet</a>,
OpenBSD Explained, O'Reilly Network, August 29, 2000
</strong></font><br>
David Jorm's column notes the fact that OpenBSD ships with functioning IPv6
networking. He briefly walks through the procedure to get an OpenBSD system
to participate in "6bone", the transitional IPv6 network.
<p>
<li><font color="#009000"><strong>
<a href="http://rootprompt.org/article.php3?article=832">OpenBSD's Good
Example</a>, # RootPrompt.org, August 23, 2000
</strong></font><br>
Noel moves on after his "Cracked!" series to look at other
security topics. This time, he installs OpenBSD, fully expecting some
brutally stripped-down system good for nothing but firewalls and sniffers,
but finds a functional desktop environment. OpenBSD sets an example for
other systems: <i>"It is my opinion that there are many lessons
in how OpenBSD is put together that the Linux community needs to take
note of"</i>.
<p>
<li><font color="#009000"><strong>
<a
href="http://www.newsforge.com/article.pl?sid=00/08/22/0132212&mode=thread">The
Brit and the Big Boy</a>, NewsForge, August 22, 2000
</strong></font><br>
NewsForge Columnist Julie Bresnick pens a quirky profile of Tom Yates,
co-author with Wes Sonnenreich of
<a href="http://www.wiley.com/compbooks/catalog/35366-3.htm">Building
Linux and OpenBSD Firewalls</a>.
<p>
<li><font color="#009000"><strong>
<a href="http://abcnews.go.com/sections/tech/FredMoody/moody000816.html">Linux
Revisited</a>, ABCnews.com, August 16, 2000
</strong></font><br>
In an article better entitled "Moody battles on", columnist Fred
Moody continues his lone battle over the Linux security record. He rates
OpenBSD as the choice of those who expect "much, much more" and
quotes Marcus Ranum, CTO of Network Flight Recorder, talking about OpenBSD's
code audit. <i>"They did some really interesting stuff; they did complete
code audits of major hunks of the operating system and found huge, horrible,
gigantic holes that all the other UNIX derivatives had been ignoring."</i>
<p>
<li><font color="#009000"><strong>
<a href="http://www.thestandard.com/article/display/0,1151,17541,00.html">The
World's Most Secure Operating System</a>, The Industry Standard, August 14,
2000
</strong></font><br>
<i>"A lone Canadian is reshaping the way software gets written. Is the world
paying attention?"</i>. (Well, actually he's got help). Veteran technology
reporter Brendan Koerner interviews Theo de Raadt, security vendors and
writers to compare OpenBSD's code audit and "secure by default" credo
against current industry practices.
<p>
<li><font color="#009000"><strong>
<a href="http://www.oreillynet.com/pub/a/bsd/2000/08/08/OpenBSD.html">An Overview of OpenBSD Security</a>, OpenBSD Explained, O'Reilly Network, August 8, 2000
</strong></font><br>
David Jorm details the steps to configuring OpenSSH's sshd, and how to set up
a secure Web server using OpenBSD's SSL support. He also looks at OpenBSD's
security stance, the ongoing code audit and how to install security patches.
<p>
<li><font color="#009000"><strong>
<a href="http://lwn.net/2000/0803/security.php3">OpenBSD runs fuzz</a>, Linux
Weekly News, August 3, 2000
</strong></font><br>
Linux Weekly News security editor Liz Coolbaugh picks up on a Bugtraq thread
about <code>fuzz</code>, a tool that tests commands with randomly generated
command line arguments. Lead developer Theo de Raadt ran it against OpenBSD
and found routine coding errors in about a dozen commands, none security-related.
The article reprints de Raadt's posting and comments. Though the exercise was
worthwhile, the tool only points to the areas to check, and is no substitute for
careful code reviews, he concludes.
<p>
<li><font color="#009000"><strong>
<a href="http://www.oreillynet.com/pub/a/bsd/2000/08/01/OpenBSD.html">OpenBSD
in a Datacenter Scale Environment</a>, BSD DevCenter, O'Reilly Network, August 1, 2000
</strong></font><br>
David Jorm's OpenBSD Explained column talks about IT Manager Grant Bailey's initial
skepticism about OpenBSD being able to handle the load for www.2600.org.au's Web and
FTP site. On a tight budget, he set up a K-6 450MHz system, with 128 MB RAM and an
IDE drive, got a few friends with cable modems to pound on it, and was pleasantly
surprised.<br>
<i>Update (Aug.4/2000): Grant writes that he has just seen the site's biggest day:
56GB outbound to everywhere on the Internet with 260 clients at one point, limited
mostly by the RAM.</i>
<p>
</ul>
<h2>July, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.vnunet.com/News/1107318">
Linux developers hunt for kernel bugs</a>, vnunet.com, July 26, 2000
</strong></font><br>
John Leyden talks about the new Linux Kernel Auditing Project, and how
last month some people decided that Linux needed some auditing. It is
about time. The article mentions that
<i>"OpenBSD, another Unix-like open source
operating system, has been subject to an ongoing security audit
since 1996."</i><br>
The article apparently used to quote Roy Hills of NTA as saying
<i>""This is the first time I've heard of an audit of the whole of a
general purpose operating system kernel"</i>, but it has been
amended since.
<p>
<li><font color="#009000"><strong>
<a href="http://www.securite.org/interview/theoderaadt/">
Interview: Theo de Raadt</a>, Sécurité.org, July 26, 2000
</strong></font><br>
Nicolas Fischbach caught up to Theo de Raadt at CanSecWest in Vancouver a while
back, and the resulting interview discusses Secure by Default and the genesis
of OpenSSH.
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://www.securityportal.com/closet/closet20000726.html"> -->
<u>IPsec - We've Got a Ways To Go</u> (Part II), Security Portal, July 26, 2000
</strong></font><br>
Kurt Seifried discusses various key management and tunnel modes and extensions
possible with IPSEC implementations, including OpenBSD's ethernet over IPSEC
bridging.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2000/July/Contribution236.html">
Setting up OpenBSD 2.7 as a cable NAT system </a>, BSD Today, July 24, 2000
</strong></font><br>
Vlad Sedach writes about his experiences in setting up a ipnat/ipf box based
on OpenBSD as his firewall.
<p>
<li><font color="#009000"><strong>
<a href="http://www.vnunet.com/News/1106857">
Most secure operating system update uses Digital Signature Algorithm</a>, vnunet.com, July 17, 2000
</strong></font><br>
James Middleton lists the features of the new 2.7 release.
<p>
<li><font color="#009000"><strong>
<a href="
http://www.bsdtoday.com/2000/July/Features230.html">
OpenBSD is installed -- now what?</a>, BSD Today, July 14, 2000
</strong></font><br>
As a follow-up to <a href="http://www.bsdtoday.com/2000/June/Features213.html">
Installing OpenBSD 2.7</a>,
Clifford Smith explains how to set <i>"up OpenBSD as a single-user,
desktop system with basic information on installing the ports tree,
setting up KDE, stopping unneeded services and using IPFilter."</i>
<p>
<li><font color="#009000"><strong>
<a href="http://napalm.firest0rm.org/issue6.txt">IPsec Crash Course
(part 1)</a>, Napalm, July 13, 2000
</strong></font><br>
Technical article about IPsec by ajax, discussing the networking basics,
the key management daemons and various free and commercial implementations.
This goes well beyond the usual how-to articles to explain the underlying
protocols and their quirks.
<p>
<li><font color="#009000"><strong>
<a href="http://www.itbusiness.ca/index.asp?theaction=61&sid=32935">
In the shadow of the penguin</a>, Computing Canada, July 7, 2000
</strong></font><br>
Viewpoint columnist Matthew Friedman tries to set the record straight -- open
source is not all about Linux. He focuses on the rock-solid networking performance
and security and speaks with OpenBSD's Theo de Raadt and FreeBSD's Jordan
K. Hubbard.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osopinion.com/Opinions/MontyManley/MontyManley8.html">Be
An Engineer, Not An Artist</a>, OS Opinion, July 6, 2000
</strong></font><br>
Monty Manley throws open the debate about artistic whim versus solid engineering
in open source software development. Too few, like the OpenBSD auditors, are
willing to sweat the details to make the code really work, he writes.
<p>
<li><font color="#009000"><strong>
<a href="
http://www.bsdtoday.com/2000/July/Contribution221.html">
Attempting to install OpenBSD under VMware</a>, BSD Today, July 6, 2000
</strong></font><br>
BSD Today reader Jeremy Weatherford tries his hand at installing OpenBSD
on VMware, a system that allows multiple OSes to run concurrently on the
same hardware. We can't fault him for trying, but being new to both OpenBSD
and VMware, he might have been a tad too ambitious, considering VMware
doesn't even list OpenBSD as a supported "guest" OS.
<p>
</ul>
<h2>June, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2000/June/Features213.html">Installing OpenBSD 2.7</a>,
BSD Today, June 29, 2000
</strong></font><br>
<i>So you want to try out OpenBSD, right? Sounds like your kind of operating system,
right? Patrick Mullen installs and reviews the 2.7 release</i>. Another first-hand
experience installing OpenBSD, with a sprinkling of humour because these articles can
be a bit dry.
<p>
<li><font color="#009000"><strong>
<a href="http://maccentral.macworld.com/news/0006/23.macosx.shtml">
Road to Mac OS X: Security and OS X</a>,
MacCentral Online, June 23, 2000
</strong></font><br>
On one of a series of articles from MacCentral Online
columnist Dennis Sellers, he attempts to answer Mac OS users'
questions on the move forward to Mac OS X. With concern to
security, he quotes Mark Block saying:<br>
<em>"Keep in mind that just because it's UNIX-based
doesn't mean it's susceptible to crackers. OpenBSD is an
example of an extremely secure flavor of UNIX."</em>
<p>
<li><font color="#009000"><strong>
<a href="http://www.itbusiness.ca/index.asp?theaction=61&sid=33044">
BSD (and Joe) are Canadian</a>, letter to the editor, Computing Canada, June 23,
2000
</strong></font><br>
"Dave the Canadian software guy" wrote to complain about a column
entitled "The computing road less travelled". The article on
alternative OSes never mentioned OpenBSD, published in Canada, or NetBSD,
the sole BSD at Linux Quebec in April. "Is it time for a Joe the Canadian
commercial for Canadian Software?", Dave asks.<br>
<i>The letter is further down the page</i>.
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://www.securityportal.com/closet/closet20000621.html"> -->
Securing Your Network With OpenBSD, Kurt's Closet, Security Portal, June 21, 2000
</strong></font><br>
Kurt Seifried looks at some new features in OpenBSD 2.7 and recommends it
as a platform for patrolling your network. He also gives a sampling of
the many security tools available for intrusion detection, vulnerability
analysis and network management, all available from the
<a href="ports.html">"Ports" collection</a>.
<p>
<li><font color="#009000"><strong><a
href="http://www.zdnet.com/eweek/stories/general/0,11011,2589471,00.html">Exposed
to a Web of viruses</a>, eWeek.com, June 19, 2000
</strong></font><br>
Peter Coffee, eWeek Labs, mentions OpenBSD in an article subtitled
"IT wanted integration; Microsoft delivered. Now both must fix lax
security". Near the end (it's there, really), he writes:
<i>Those who champion the open-source process point to projects
such as the OpenBSD operating system, with its tremendous security
record, as proof of concept. But there are other examples, such as
loopholes in Kerberos code that went unnoticed for years, that show
the limits of volunteer effort</i>. Once again, we note that published
source code doesn't automatically imply a security review. It won't
happen by itself: people have to <i>want</i> to do it.
<p>
<li><font color="#009000"><strong>
<a href="reprints/pr27.html">OpenBSD 2.7 press release</a>, June 15, 2000
</strong></font><br>
This press release was translated into several languages and distributed to the
trade press and Internet news sites.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2000/June/News196.html">Coming
soon: a real-time OpenBSD?</a>, BSD Today, June 14, 2000
</strong></font><br>
Randy Lewis of RTMX explains why they picked OpenBSD and how their real-time
extensions will be folded back into the OpenBSD source tree in time for the
next release. Interview by Jeremy C. Reed.
<p>
<li><font color="#009000"><strong>
<a href="http://www.oreillynet.com/pub/a/bsd/2000/06/13/OpenBSD.html">Introduction
to OpenBSD Networking</a>, BSD DevCenter, O'Reilly Network, June 13, 2000
</strong></font><br>
David Jorm, no stranger to OpenBSD, gives a detailed tour of the basic steps for
setting up an OpenBSD system as a gateway with a LAN interface and a PPP connection.
He also points out the little differences that could trip up somebody just
arriving from the Linux world.
<p>
<li><font color="#009000"><strong>
<a href="http://www.unixreview.com/documents/s=1247/urm0006c/">
The state of the daemon</a>, UNIX Review, June 7, 2000
</strong></font><br>
Michael Lucas reviews the state of the art for BSD-derived systems,
and finds much cause for optimism.
"OpenBSD delves further into constructive paranoia", he writes.
Agreed, security is a state of mind, but unless the rash of serious incidents
abates, it's not really paranoia.
<p>
<li><font color="#009000"><strong>
<a href="http://www.infosecuritymag.com/articles/june00/columns3_open_sources.shtml">Security
By DEFAULT</a>, OPEN SOURCES, Information Security, June 2000
</strong></font><br>
<i>OpenBSD is one OS that's likely to be voted "Most Secure."
So why not use it for all enterprise apps?</i> Columnist Pete Loshin
looks at OpenBSD as a serious contender for secure Internet servers.
<p>
<li><font color="#009000"><strong>
<a href="http://www.americasnetwork.com/issues/2000issues/20000601/20000601_hackers.htm">
Meet the hackers</a>, America's Network, June 1, 2000
</strong></font><br>
Patrick Neighly writes a long and detailed article about the hows and whys of
the hacker community. Near the end, he interviews a hacker who states that
<i>"OpenBSD tends to be a proactive security solution - they find holes
before they're posted on Bugtraq"</i>
<p>
<li><font color="#009000"><strong>
<a href="reprints/openbsd-hwcrypto.html">
[Swedish] Säkerhet & Sekretess</a>,
No 4, 2000</strong></font><br>
This article reports in a positive tone on OpenBSD's latest security feature,
hardware-supported cryptography.
<p>
</ul>
<h2>May, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://rootprompt.org/article.php3?article=493">Cracked! Part4: The
Sniffer</a>, # RootPrompt.org, May 31, 2000
</strong></font><br>
Noel continues his chronicle of a cracker attack on his LAN.
In part 4, he notes that even local user vulnerabilities cannot
be overlooked because you must assume that an attacker will
eventually figure out a login/password. As part of his conclusions,
he mentions he would like to explore OpenBSD for systems that
need user accounts. The first three parts also make for interesting
reading for all system administrators.
<p>
<li><font color="#009000"><strong>
<a href="http://www.computerworld.com/home/print.nsf/all/000526E30E">Flaw
found in PGP 5.0</a>, Computer World, May 26, 2000
</strong></font><br>
PGP 5.0 was found to have a serious coding error under Linux and
OpenBSD, where it replaced the random data obtained from /dev/random
with a string of '1' digits when generating key pairs under certain
conditions.
<p>
<li><font color="#009000"><strong>
<a href="http://www.beopen.com/features/articles/security_article.html">Security
Beyond the Garden of Eden</a>, BeOpen.com, May 19, 2000
</strong></font><br>
Sam Williams strikes again. He interviews OpenBSD lead developer Theo de Raadt
and Tom Vogt, a lead developer of Nexus, a "maximum security" Linux
distribution unveiled on May 9. This article contrasts two different
approaches to security.
<p>
<li><font color="#009000"><strong>
<a href="http://www.upside.com/texis/mvm/story?id=3921a9080">OpenBSD
perfects security by one-upmanship</a>, Upside Today, May 17, 2000
</strong></font><br>
Freelance writer Sam Williams captures the dynamics of the OpenBSD
development effort in OpenBSD, dubbing it "geeking out for perfection".
Williams also takes note of OpenBSD's business-friendly non commercial
stance -- no corporate backers, yet plenty of commercial products
with embedded OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.securityfocus.com/frames/?vdb=vdb&content=/vdb/stats.html">Vulnerability
Database Statistics</a>, Security Focus, May 15, 2000
</strong></font><br>
"3 out of 2 people can't figure out statistics", the saying goes. In this light,
we'd like to present Security Focus's summary of vulnerabilities. Read
the disclaimers and feel free to dispute the results, but you have to
admit it makes OpenBSD look good compared to other widely used OSes.
We think the most important chart is the top one, total vulnerabilities.
The upward trend is disturbing; it means the industry still doesn't
"get it", and the users who trade off security for feature
creep are delivering the wrong message.
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://www.securityportal.com/closet/closet20000510.html"> -->
Why We're Doomed to Failure, Security Portal, May 10, 2000
</strong></font><br>
Kurt Seifried talks about what people can do to promote security and
protect themselves against the now-commonplace attacks. His first
suggestion is for software vendors to audit code like OpenBSD did, but he
feels that the effort and demand for knowledgeable programmers is too
great for this approach to succeed. Instead, he suggests add-ons such as
various Linux patches, development tools and replacement libraries. We
think he gave up too easily: by accepting mudflaps in the place of
airbags, he is taking the heat off software vendors to clean up the
defects in their products.
<p>
<li><font color="#009000"><strong>
<a href="http://www.vnunet.com/Features/27240">
They're after your data</a>, vnunet.com, May 17, 2000
</strong></font><br>
In a discussion related to government hacking, Dearbail Jordan interviews
a random hacker who states that <i>"As far as operating systems go,
OpenBSD, a completely free Unix variant, is probably the most secure
C2-level Unix available today."</i> Well, OpenBSD is not C2, mostly
because the Orange Book C2 standard is for Trusted systems, not Secure
systems, but the remainder of his comment is probably a correct viewpoint.
<p>
<li><font color="#009000"><strong>
<a href="http://www.computerworld.com/home/print.nsf/all/000502db52">Open
Source Smugglers</a>, ComputerWorld, May 5, 2000
</strong></font><br>
"Psssstt! Wanna a good, reliable operating system on the cheap? Thing is,
you just can't tell your boss about it" Technology writer Peter Wayner
tells of the techies who break the rules and sneak open source
systems on the job. He mentions the "security-conscious" OpenBSD as a
successful secure e-commerce server against an rival NT implementation,
as well as how Marcus Rannum embeds OpenBSD in the Network Flight Recorder
IDS appliance to sidestep NT vs. UNIX prejudices.
<p>
<li><font color="#009000"><strong>
<a href="http://biz.yahoo.com/bw/000502/va_global__1.html">PowerCrypt
Encryption Accelerator Endorsed by OpenBSD</a>, Business Wire, May 2, 2000
</strong></font><br>
Press release from Global Technologies Group, Inc. announcing OpenBSD
support for their PowerCrypt IPsec hardware accelerators cards.
<p>
<li><font color="#009000"><strong>
<a href="http://nyheter.idg.se/display.pl?ID=000502-CSD1">
[Swedish] Computer Sweden</a>,
May 2, 2000</strong></font><br>
An article describing *BSD as the choice of the "very demanding".
OpenBSD is noted for its focus on security and cryptography.
<p>
<li><font color="#009000"><strong>
<a href="http://www.bsdtoday.com/2000/May/Features138.html">An experience
installing OpenBSD</a>, BSD Today, May 2000
</strong></font><br>
Another "how I installed OpenBSD" article. Jeremy C. Reed writes
a blow-by-blow, prompt & response chronicle of how he installed OpenBSD
2.6, to the point of setting up X, the blackbox window manager and
Netscape -- elapsed time, 4 hours and 38 minutes. Phew.
<p>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/200005/adventure.html">My Adventures
In OpenBSD 2.6</a>, Daemon News, May 2000
</strong></font><br>
Alison describes how she gave in to the geekier side of her nature and
rescued a castaway PC and put OpenBSD on it. "Contrary to popular
opinion, however, I think it's not just a matter of reliability," she
writes, "but also of clarity and simplicity - two very important and
oft-overlooked characteristics of computer software.".
</ul>
<h2>April, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://e-zine.nluug.nl/hold.html?cid=91">Interview with OpenBSD's
Theo de Raadt</a>, <font color="#4669ad"><sup>eup</sup></font> E-zine,
April 20, 2000
</strong></font><br>
In this interview by Daniel De Kok, lead developer Theo de Raadt comments
on the BSDI/FreeBSD merger, OpenBSD as an embedded OS, and future plans for
OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="reprints/article_20000419.html">Security Experts Say Proprietary
Code Isn't Scrutinized Well Enough</a>, SOURCES, April 19, 2000
</strong></font><br>
This bulletin discusses security concerns raised by recent reports of
vulnerabilities in commercial software such as backdoors and automatic
registration forms. The article quotes Jerry Harold, president & co-founder of
Network Security Technologies Inc. "This is why NetSec builds its products
on an operating system (OpenBSD) that has made security its number one goal."
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/direct.cgi?/topnews/os20000417.html"> -->
Open Source - Why it's Good for Security,
SecurityPortal, April 17, 2000
</strong></font><br>
In another FUD-fighting article, security writer Kurt Seifried and
Bastille Linux project leader Jay Beale refute a recent well-circulated
article saying open source software is more vulnerable because the
black hats can find bugs just by reading the source. If this were the
case, they argue, OpenBSD could not have achieved its security record.
They counter the claim by demolishing "security through
obscurity", the myth that just won't go away.
<p>
<li><font color="#009000"><strong>
<a href="http://www.securityfocus.com/commentary/19">Wide Open Source</a>,
SecurityFocus.com, April 16, 2000
</strong></font><br>
Elias Levy of BUGTRAQ fame discusses the security of open- vs. closed-source
software. OpenBSD developers are mentioned first among a few groups of people
who care about auditing code for security vulnerabilities.
<p>
<li><font color="#009000"><strong>
<a href="http://www.32bitsonline.com/article.php3?file=issues/200004/badpressedit">
Bad Press</a>,
32Bits Online, April 2000
</strong></font><br>
Slamming some recent press which had said that Open Source (and in particular
Linux) leads to more software security problems, Clifford Smith states<br>
<b>"If there is ONE definitive proof that the source code being opened up for
review provides the opportunity to create secure operating systems, OpenBSD
is that proof."</b> (his emphasis)
<p>
</ul>
<h2>March, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/closet/closet20000329.html"> -->
Linux is a security risk, I don't think so!,
Security Portal, March 29, 2000
</strong></font><br>
Columnist Kurt Seifried uses OpenBSD's code audit as an example to
refute a FUD piece on a major computer industry website that claims
that Linux is a security risk because the bad guys can find the holes
simply by reading the source code.
<p>
<li><font color="#009000"><strong>
<a href="http://www.linux.com/interviews/20000308/44/">The
Kurt Seifried interview</a>, Linux.com, March 8, 2000
</strong></font><br>
The roles have changed; security columnist Kurt Seifried is
now the subject. He discusses his role at Security Portal,
the state of Linux security, OpenBSD's security model and the
Linux hardening scripts like Bastille Linux. He's pessimistic
about the future and predicts that with management apathy
towards security, "we're in for 10-50 more years of miserable
computer security problems".
<p>
<li><font color="#009000"><strong>
<a href="reprints/article_20000306.html">Open source software:
Ready for Credit Union Primetime?</a>, CUES Tech Port, March 6, 2000
</strong></font><br>
An article explaining the trade-offs of using open source software, how it
might be applied to credit union enterprises and some caveats about the
learning curve for staff not already familiar with UNIX-like operating
systems. Author Tom DeSot strongly recommends OpenBSD in this article
written for credit union IS managers.
<p>
<li><font color="#009000"><strong>
<a href="http://www.sunworld.com/sunworldonline/swol-03-2000/f_swol-03-silicon.html">The
Unix players change, but the (r)evolution continues</a>, SunWorld, March 2000
</strong></font><br>
Rich Morin puts the 80's UNIX history of fragmentation in perspective by
examining the creative tensions between the five operating systems derived
from 4.4BSD-Lite. Rather than repeating the platitude of how the BSD-derived
operating systems should unite, Morin's Silicon Carny column shows that the
projects and companies cooperate even though they have diverging goals. And
now that Sun has cautiously moved to open source some of its source, how
will the open source world react, he asks.
<p>
<li><font color="#009000"><strong>
<a href="http://boardwatch.internet.com/mag/2000/mar/bwm79.html">Getting
to know OpenBSD</a>, Boardwatch Magazine, March 2000
</strong></font><br>
UNIX columnist Jeffrey Carl continues his survey of the freenix alternatives
for ISPs with an interview with Louis Bertrand. The author also discusses
the relative merits of OpenBSD and how ISPs might want to use it for a
competitive advantage.
<p>
</ul>
<h2>February, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/direct.cgi?/research/ssh-part2.html"> -->
All About SSH - Part II: OpenSSH, Security Portal, February 28, 2000
</strong></font><br>
Seán Boran wraps up his look at SSH with an article devoted to OpenSSH
running on OpenBSD and other OSes, mentioning problems porting OpenSSH to
platforms without good crypto support.
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/direct.cgi?/closet/closet20000216.html"> -->
Firewalling with IPF, Security Portal, February 16, 2000
</strong></font><br>
Kurt Seifried, author of the Linux Administrators Security Guide, explains
how to set up packet filtering with ipf. His examples are based on OpenBSD 2.6
even though his article isn't aimed at any specific OS.
<p>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/direct.cgi?/closet/closet20000209.html"> -->
OpenBSD 2.6 - new features,
Security Portal, February 9, 2000
</strong></font><br>
Kurt Seifried reviews OpenBSD 2.6 and finds new features like
<a href="http://www.openssh.com/">OpenSSH</a>, Apache
DSOs, and new device drivers. He also finds comfort in an old friend, the
"secure by default" installation.
<p>
<li><font color="#009000"><strong>
<a href="http://www.computerworld.com/cwi/story/0,1199,NAV47_STO41147,00.html">Three
Unixlike systems may be better than Linux</a>, ComputerWorld, February 7, 2000
</strong></font><br>
We really like Simson when he writes <i>"But if you're trying to get the
most for your money or if you want a higher level of security, take a look at
the BSDs. The rewards can be considerable."</i> But he misses the point
about strong crypto because of the fuss over 128-bit browsers. The RSA patent
has been a more effective muzzle on innovation than the export prohibitions.
Also note OpenBSD and FreeBSD also integrate IPv6 in their current codebase.
<p>
<li><font color="#009000"><strong>
<a href="http://www.32bitsonline.com/article.php3?file=issues/200002/fbsd34&page=1">Review
of FreeBSD 3.4</a>, 32BitsOnline, February 2000
</strong></font><br>
In a review of FreeBSD 3.4, the author, Clifford Smith, was impressed
enough about OpenBSD to say "<i>OpenBSD is probably the most secure
distribution out of the box because it comes with a source code that has
been given a complete security audit. It also comes with KERBEROS enabled
out of the chute, OpenSSL and ssh is part of the distro now, too. IPFilter
works immediately. Just Brilliant."</i>
<p>
<li><font color="#009000"><strong>
<a href="http://www.infosecuritymag.com/feb2000/Linux.htm">Securing Linux</a>,
Information Security, February 2000
</strong></font><br>
Pete Loshin surveys the state of the industry in Linux and UNIX-like
security. He highlights an emerging problem, novice Linux users
who may unknowingly leave installation holes, or inadvertently create some.
The OpenBSD sidebar explains the goals and purpose of OpenBSD, and highlights
its reputation among security experts.
<p>
<li><font color="#009000"><strong>
<a href="http://www.osopinion.com/Opinions/KeithRankin%20/Keith%20Rankin1.html">FreeBSD,
OpenBSD and SuSE 6.2 Eval Review</a>, OS Opinion, February 2000
</strong></font><br>
Can't decide? Let's try a bunch. Veteran computer jockey Keith Rankin
compares a Linux distro and two of the BSDs. Long and quite detailed.
<p>
<li><font color="#009000"><strong>
<a href="http://linux.kbst.bund.de/index.html">
[German] Open Source Software in der Bundesverwaltung</a>,
Bundesministerium des Innern, Februar 2000
</strong></font><br>
A paper on open source software in the German federal government,
published by the Federal Ministry of the Interior. The paper, which
gave reference to OpenBSD among many other OSes and applications, was
posted then retracted on "orders from above" in the ministry.
Giving way to
<a href="http://www2.linuxtag.de/2000/deutsch/shownews.php3?id=0047">
the pressure and protests</a> of the open source movement the ministry
rerelased the document after cutting out some numbers.
(the Microsoft Licence fees, btw.!)
<p>
</ul>
<h2>January, 2000</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.epinions.com/cmd-review-7105-3AF042F-388EBC43-prod1">Secure
by default - a review of OpenBSD</a>, Epinions.com, January 26, 2000
</strong></font><br>
OpenBSD gets a five-star rating in this reader contributed review by
Justin Roth. It's a short glowing article that focuses on the security
of OpenBSD. The reviewer cautions however that it's only secure if
the administrator is vigilant.
<p>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.com/enterprise/stories/linux/news/0,6423,2426206,00.html">Opening up, government style</a>, ZDNet, January 24, 2000
</strong></font><br>
Linux columnist Evan Leibovitch notes a small victory for open source
when the US government recognised it as being for "the
Public Good" in the recently relaxed cryptography export rules.
He quotes Theo mentioning that the RSA patent has had a far greater
chilling effect on US-based cryptography than the export prohibitions.
<p>
<li><font color="#009000"><strong>
"Info.sec.radio" radio show. 11:00AM, Monday, January 10, 2000<br>
<A href="http://www.cjsw.com">CJSW 90.9 FM campus radio in Calgary</a> in
association with <a href="http://www.securityfocus.com">SecurityFocus</a>
</strong></font><br>
In the inaugural show of <strong>Info.sec.radio</strong>, Dean Turner of
Security Focus interviews Theo de Raadt about OpenBSD, security,
and cryptography.
<p>
<li><font color="#009000"><strong>
Mudge, the halo and the 2.4 sticker, MSNBC, January 6, 2000.
</strong></font><br>
The beastie sticker from OpenBSD 2.4 was spotted on Mudge's laptop cover
in a file photo for this story about L0pht joining with corporate heavyweights.
<p>
<li><font color="#009000"><strong>
<a href="http://www.nwfusion.com/newsletters/sec/0103sec2.html">Does 'open'
mean secure?</a>, NetworkWorld Fusion Newsletters, January 5, 2000
</strong></font><br>
Security Portal founder Jim Reavis calls OpenBSD "Linux's Linux". We're not
sure what it means, but he was making the point that public scrutiny of
source code helps security, so it must be a compliment.
<p>
<li><font color="#009000"><strong>
<a href="http://www.zdnet.com/sr/stories/news/0,4538,2416865,00.html">Giving
Back</a>, Sm@rt Reseller Online, January 4, 2000</strong></font><br>
Linux columnist Steven J. Vaughan-Nichols writes mostly about VA Linux
creating a source repository for open source projects, but there's an
interesting quote: "Whether an open-source program runs on OpenBSD,
Palm or even Windows, so long as it's an open-source program it's game
for SourceForge." OpenBSD, soon to be a household word!<p>
<li><font color="#009000"><strong>
<a href="http://www.itbusiness.ca/index.asp?theaction=61&sid=32876">
There's more to open source than just Linux</a>, Computing Canada, January 2000
</strong></font><br>
"Lack of consistency in different versions of distributions is leading some
administrators to re-examine their approach", writes Linux columnist Gene
Wilburn. He suggests the BSD systems as an alternative because they offer
a "high level of consistency and integrity".
<p>
<li><font color="#009000"><strong>
<a href="http://www.sunworld.com/sunworldonline/swol-01-2000/swol-01-supersys.html">A
report from LISA</a>, SunWorld, January 2000
</strong></font><br>
Columnist Peter Galvin gives a recap of LISA '99, mentioning among others
Bob Beck's <a href="events.html#lisa99">paper</a> about securing public
access Ethernet jacks on a university campus.<p>
<li><font color="#009000"><strong>
<a href="http://www.northernjourney.com/opensource/linside/li006.html">Canadian open source projects</a>, The Computer Paper, January 2000
</strong></font><br>
OpenBSD is featured in a year-end review of Canadian Open Source projects
in
<a href="http://www.canadacomputes.com/cc/section/pub/1,1100,33,00.html?pub=1&iss=52">The Computer Paper</a>.
Linux columnist Gene Wilburn gets it right. Unfortunately, the article isn't on
the Computer Paper's site, but it is available at the author's site.
<p>
<li><font color="#009000"><strong>
<a href="http://www.casselman.net/artlist/OpenBSD.htm">
A Home-Grown Operating System?</a>, Alberta Venture Magazine,
January/February, 2000
</strong></font><br>
Grace Casselman interviews Theo about the development process of OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.linux.news.pl/openbsd.html">
[Polish] OpenBSD - ma same zalety?</a>,
<i>OpenBSD - Nothing but advantages?</i>, LinuxNews Serwis
Informacyjny, January 2000
</strong></font><br>
Bartek Rozkrut combines an overview of OpenBSD with a review of how to
download and install the system. He mentions Theo de Raadt's "craze"
about security and how he frustrates Linux advocates on Bugtraq with
mails like "the problem was fixed a year ago in OpenBSD".
The author spends some time explaining the disklabel partitioning scheme and
reassuring would-be users that the no-frills installation script actually
works even though it doesn't have a fancy point & click interface. He even
gives typical download times from the various national ISPs.<br>
<i>Thanks to Vadim Vygonets, Wojciech Scigala and Tenyen for their help
with the translation. For the full text, see the
<a href="http://www.openbsd.org/mail.html">advocacy@openbsd.org
mail archives</a>. Interpretation errors are mine --louis</i>
<p>
<li><font color="#009000"><strong>
[Russian] Byte Magazine, Russia,
<u>January 2000 issue</u>
</strong></font><br>
Interview with Theo de Raadt about history and feature of OpenBSD project.
<p>
</ul>
<h2>December, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/closet/closet19991222.html"> -->
OpenSource projects - what I learned from Bastille (and others),
Security Portal, December 23, 1999
</strong></font><br>
Kurt Seifried
(<a href="mailto:seifried@seifried.org">seifried@seifried.org</a>), security
analyst and author of the <i>Linux Administrators Security Guide</i>, discusses
the effort needed to create a Linux distribution. He mentions OpenBSD's
code audit as a reference point for securing the OS.<p>
<li><font color="#009000"><strong>
<a href="http://serverwatch.internet.com/news/1999_12_03_a.html">OpenBSD
2.6 Now Available</a>, Server Watch, December 3, 1999
</strong></font><br>
Picked up on OpenBSD 2.6 press release.
<p>
<li><font color="#009000"><strong>
<a href="http://www.heise.de/newsticker/data/odi-02.12.99-000/">
[German] OpenBSD 2.6 ist da</a>,
heise online newsticker, December 2, 1999
</strong></font><br>
Brief summary of the OpenBSD 2.6 press release.
<p>
<li><font color="#009000"><strong>
<a href="http://www.tekpress.com/Archives/1999/Dec/openbsd.html">OpenBSD
Review</a>, TekPress.COM, December 1999
</strong></font><br>
Vlad Sedach offers a detailed look at OpenBSD, its history, security stance
and cryptography. He notes the lack of
<a href="http://www.openbsd.org/smp.html">multiprocessor support</a>
but rates the security as best available, especially compared to NT.
<p>
</ul>
<h2>November, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://linux.com/featured_articles/19991115/206/">Buddying
up to BSD: Part Three - Regrouping</a>, Linux.com, November 15, 1999
</strong></font><br>
Reviewer Matt Michie responds to critics of his previous OpenBSD
article in an opinion piece that discusses OpenBSD and Linux advocacy.
<p>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/articles/op/xml/99/11/08/991108opsecwatch.xml">
OpenBSD comes close to security nirvana with a system that is
'secure by default'</a>, InfoWorld, November 8, 1999
</strong></font><br>
Security Watch columnists Stuart McClure and Joel Scambray say good things
about OpenBSD's security stance. "As you've come to expect from us,
our faith in vendors' attention to security is waning, but OpenBSD
gives us hope. OpenBSD is a group that has done it
right -- or at least strives to".
<p>
<li><font color="#009000"><strong>
<a href="http://www.linux.com/featured_articles/19991108/200/">Buddying
up to BSD: Part Two - OpenBSD</a>, Linux.com, November 8, 1999
</strong></font><br>
Reviewer Matt Michie narrates his experience with an FTP installation
of OpenBSD 2.5 on an aging P-133. Despite trouble with the installation he
recommends it to experienced Linux users who wish to broaden their horizons.
Then the reader feedback flames him for his trouble.
<p>
<li><font color="#009000"><strong><a href="http://slashdot.org/interviews/99/11/04/1716225.shtml">UK Royal Family webmaster prefers OpenBSD</a>,
Slashdot, November 4, 1999
</strong></font><br>
Mick Morgan, of the UK's Central Computer and Telecommunications Agency,
answers Slashdot readers and talks about the design of a high profile
web site like the Royal Family's. In hindsight, he would have chosen
OpenBSD for its security aspects.
<p>
<li><font color="#009000"><strong>
<a href="http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2386632,00.html">
Turning on the Zedz</a>, ZDNet, November 3, 1999
</strong></font><br>
Linux columnist Evan Leibovitch tries to make sense of the byzantine
US crypto laws and offers some alternative crypto software and
resources including OpenBSD and <a href="http://www.openssh.com/">OpenSSH</a>.<p>
<li><font color="#009000"><strong>
<a href="http://www.boardwatch.com/mag/99/nov/bwm77pg4.html">Freenix
flavors or, three demons and a penguin</a>, Boardwatch Magazine, November, 1999
</strong></font><br>
Boardwatch Magazine's UNIX columnist Jeffrey Carl surveys the freenix choices
for ISPs. We debate his conclusion that security and functionality are
mutually exclusive choices. If that were the case, security conscious users
would unplug from the Net and just send faxes.
<p>
</ul>
<h2>October, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<!-- <a href="http://securityportal.com/direct.cgi?/closet/closet19991027.html"> -->
OpenBSD - a secure alternative,
Security Portal, October 27 1999
</strong></font><br>
Kurt Seifried
(<a href="mailto:seifried@seifried.org">seifried@seifried.org</a>), security
analyst and author of the <i>Linux Administrators Security Guide</i>,
discusses setting up an OpenBSD firewall.
<p>
<li><font color="#009000"><strong><a href="http://slashdot.org/article.pl?sid=99/10/22/1157259&mode=thread">Interview with The Cult of the Dead Cow</a>,
Slashdot, October 22, 1999
</strong></font><br>
In between cheeky and rude answers to slashdot reader questions, cDc'ers
mention OpenBSD's security model and code audit.<p>
<li><font color="#009000"><strong><a href="http://www.lwn.net/1999/1014/security.phtml">The existence of OpenSSH-1.0 has been confirmed</a>,
Linux Weekly News, October 14, 1999
</strong></font><br>
Linux Weekly News was the first non-BSD news agency to report the existence of
<a href="crypto.html#ssh">OpenSSH</a>, which will ship with OpenBSD 2.6.<p>
<li><font color="#009000"><strong><a href="http://www10.nytimes.com/library/tech/99/10/biztech/articles/11code.html">Easing on Software Exports Has Limits</a>,
New York Times, October 11, 1999
</strong></font><br>
Peter Wayner takes a closer look at some consequences of the US government's
restrictions on the export of strong cryptographic software, and finds no
small amount of irony. OpenBSD is prominently featured, along with a picture
of Theo de Raadt brandishing CD-ROMs. (No charge registration required to
read the NY Times on the web).<p>
<li><font color="#009000"><strong><a href="http://www.netsec.net/press_100699.html">NSTI announces commercial support services for OpenBSD</a>,
Yahoo News, Oct. 6, 1999
</strong></font><br>
Network Security Technologies press release on the PR Newswire. NSTI
already uses OpenBSD in their Network Ops Center.<p>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/199910/openbsd.html">I've been hacked!
How OpenBSD saved our project</a>, Daemon News, October 1999
</strong></font><br>
Overworked system administrator John Horn tells us about his adventures with
a publicly-accessible Lynx server.<p>
</ul>
<h2>September, 1999</h2>
<ul>
<li><font color="#009000"><strong><a href="http://www.calgaryherald.com/business/technology/stories/990930/2929913.html">Calgarian heads team ensuring OpenBSD security</a>,
Calgary Herald, Sept. 30, 1999
</strong></font><br>
Technology reporter Matthew McClearn interviewed system administrators and
security specialists in Calgary and Edmonton who choose OpenBSD for its
stability and proactive security audit. He also gives some project history.<p>
<li><strong>
Small town in Kentucky has Internet connectivity unlike the rest of
America<font color="#009000">, MSNBC, Sept. 29, 1999
</font></strong><br>
Jethro reports on the mailing lists that MSNBC aired a segment about a small
town in Kentucky with high-speed Internet connectivity. During an interview
with the town's teenage security guru, you could read the prompt on his
terminal:
<blockquote>
<code>Connected to spanweb.glasgow-ky.com.<br>
Escape character is '^]'.<br>
<br>
OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)<br>
</code>
</blockquote>
<p>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/cgi-bin/displayStory.pl?/features/990927hack.htm">Hack this! Microsoft and its critics dispute software-security issues, but users make the final call</a>, InfoWorld, Sept. 27, 1999</strong></font><br>
<p>
<li><font color="#009000"><strong>
<a href="http://www.cnn.com/TECH/computing/9909/28/ms.security.idg/index.html">Microsoft: Bad security, or bad press?</a>, CNN, Sept. 28, 1999
</strong></font><br>
A scathing look at the Microsoft "Insecure by Default" scheme quotes the
CDC as saying that "The most secure platform 'out of the box' is OpenBSD,
because security is a focus on the project". Contrast the Microsoft scheme
with <a href="security.html#default">ours</a>.<p>
<li><font color="#009000"><strong>
<a href="http://www.ascii.co.jp/BSDmag/">[Japanese] BSD Magazine</a>,
Sept. 28, 1999
</strong></font><br>
ASCII Corporation is launching a Japanese language magazine that covers the
freenix BSDs, BSD/OS and related subjects. The magazine will also be
translating and reprinting articles from
<a href="http://www.daemonnews.org/">Daemon News</a>, the BSD ezine.
<p>
<li><font color="#009000"><strong>
<a href="http://www.usatoday.com/life/cyber/tech/ctg183.htm">Open source has roots in the Net</a>, USA Today, Sept. 20, 1999
</strong></font><br>
Nice high profile mention of OpenBSD by Will Rodger:
"Yet backers say the speed and transparency with which open source
programmers compete to discover and then fix problems separates their
operations from traditional software shops. OpenBSD -- still another
open source operating system -- is often called the most secure
operating system in the world."
<p>
<li><strong>
Even better than Linux, <a href="http://www.boston.com/globe/">Boston Globe</a><font color="#009000">, Sept 16, 1999
</font></strong><br>
Technology writer Simson L. Garfinkel confesses he prefers the BSDs better
than Linux and explains why. He writes a nice paragraph or two about OpenBSD
and its security and cryptography goals. However, reading this, you'd think
all the developers were Canadian (hint: they're not). The article has moved
to the archives, free registration required.
<p>
<li><font color="#009000"><strong>
<a href="http://www2.idg.com.au/CWT1997.nsf/Home+page/83CB1A288A3B3EB54A2567E5001FEF41?OpenDocument">Microsoft,
Linux to become duopoly?</a>, ComputerWorld Australia, Sept 8, 1999.
</strong></font><br>
Reporter Natasha David interviews lead developer Theo de Raadt, who notes that cross-UNIX
compatibility is losing ground in the rush for Linux applications. de Raadt
was a keynote speaker at the Australian Unix User Group (AUUG) meeting in
Melbourne.<p>
<li><font color="#009000"><strong>
<a href="http://www.idg.net/idgns/1999/09/08/GNULaunchesFreeEncryptionTool.shtml">GNU
launches free encryption tool</a>, IDG News Service, September 08, 1999
</strong></font><br>
<a href="http://www.gnupg.org/">GNU Privacy Guard</a> runs fine on OpenBSD.<p>
<li><font color="#009000"><strong>
<a href="http://www.samag.com/documents/s=1174/sam9909d/">
Maintaining Patch Levels with Open Source BSDs</a>, SysAdmin feature article, Sept. 1999
</strong></font><br>
Michael Lucas explains the broad lines of the BSD development model and
how to keep *BSD systems up-to-date with CVS. The author takes most of the
examples from FreeBSD, but he takes the time to explain differences
between the three systems. (Most of this is technology was originally
invented by the earliest OpenBSD developers, as described in a
<a href="events.html#anoncvs_paper">paper presented at Usenix</a>).<p>
<li><font color="#009000"><strong>
<a href="http://www.opensourceit.com/tutorials/990901_openbsd.html">
My own private IRP</a>, open source IT tutorial, Sept. 1999
</strong></font><br>
Sean Sosik-Hamor describes how he built up his own Internet resource provider
(IRP) and web hosting business out of available hardware and freenix
software. He chose OpenBSD exclusively for his DMZ and describes the FTP
installation.
<p>
<li><font color="#009000"><strong>
<a href="http://www2.idg.com.au/CWT1997.nsf/cwtoday/C02D91FFCD8CD68A4A2567F3007A9A05?OpenDocument">India-based
Web site offers raft of free OSes</a>,
ComputerWorld Australia, September 1999</strong></font><br>
OpenBSD is one of many free OSes offered at <a
href="http://www.freeos.com/">FreeOS</a>, an India-based alternative OS news
and portal site.<p>
</ul>
<h2>August, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.lti.on.ca/cw/archive/CW15-17/cw_wtemplate.cfm?filename=c1517n8.htm">
A Secure and Open Society</a>,
ComputerWorld Canada, Aug 27, 1999</strong></font><br>
The article starts off as a personal story about lead developer Theo de Raadt,
but if you read carefully, it does explain a lot about the origins and goals
of OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.computermags.com/CCP/Pub/Story/1,1080,715,00.html">
1999's Technically Excellent Canadians</a>,
COMPUTERMAGS.COM, Aug 10, 1999</strong></font><br>
"CCW is very pleased to name our five Technically Excellent Canadians,
who are significantly impacting on technology both at home and
abroad. Thanks to our readers for your involvement and nominations."
The publisher of Canadian Computer Wholesaler (August 1999) and
The Computer Paper (September 1999) presented this award
to Theo de Raadt for his part in OpenBSD (the sub-article is half
way down the page).
<p>
</ul>
<h2>July, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.msnbc.com/news/292376.asp">
The Net's stealth operating system</a>, MSNBC, July 22, 1999</strong></font><br>
"The OpenBSD group, which did a line-by-line security audit of BSD
code, and now has what is widely regarded as the most secure OS
available."
<p>
<li><font color="#009000"><strong>
[Russian] Byte Magazine, Russia,
<u>July/August 1999 issue</u>.
</strong></font><br>
A review of OpenBSD 2.5 and OpenBSD project goals.
<p>
</ul>
<h2>June, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.data.com/issue/990607/ipsec.html">IPsec Tech Tutorial</a>,
Data Communications, June 1999</strong></font><br>
"IPsec may be an open standard, but that's no guarantee that different
vendors' gear will work together. To assess interoperability, we put an even
dozen products through their paces." OpenBSD 2.4 and commercial IPsec
implementations were tested by an independent lab for interoperability
and ease in setting up tunneling gateways.
<p>
<li><font color="#009000"><strong>
<a href="http://www.sunworld.com/swol-06-1999/swol-06-usenix.html?IDG.net">A
glimpse at the USENIX Technical Conference</a>, SunWorld, June 1999
</strong></font><br>
In a review of this year's event subtitled "USENIX
and Unix -- then and now", writer Vicki Brown contrasts the first
conference in 1979 to the recent one in Montery, California. Although it
only mentions OpenBSD in the links section below the article, it's still
an interesting read.
<p>
</ul>
<h2>May, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.nationalpost.com/financialpost.asp?f=990525/2636405&s2=canadianbusiness">
Operating system designed to foil hackers</a>,
National Post, May 25, 1999</strong></font><br>
The Post's technology reporter David Akin interviews Theo de Raadt for
in a story that ran on the front page of the business section.
<p>
<li><font color="#009000"><strong>
<a href="http://www.pioneerplanet.com/reprints/051799tech.htm">
OS Also-Rans: After Windows 98, Mac OS and Linux, what's left for your
Macintosh or Intel PC? Lots</a>, St.Paul-Minneapolis Pioneer-Planet, May 17 1999
</strong></font><br>
Despite the terrible title, staff writer Julio Ojeda-Zapata gives fair
treatment to the alternatives.<p>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/199905/open-japan.html">In Search of OpenBSD</a>, DaemonNews, May 1999</strong></font><br>
Ejovi Nuwere in Japan: three days, three locations, one operating system.<p>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/199905/chroot.html">Safe and friendly
read-only chroot jails for FTP and WWW</a>, DaemonNews, May 1999
</strong></font><br>
"Ruffy" explains how to set up safe and friendly read-only FTP and WWW services
with OpenBSD's ftpd as an example.<p>
</ul>
<h2>March, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.computerbits.com/archive/19990300/bsd.htm">
Why to BSD in a Linux world</a>, March, 1999</strong></font><br>
Description of the OpenBSD development process, and arguments as to why
Linux probably cannot achieve the same level of security audit.
<p>
<li><font color="#009000"><strong>
<a href="http://archive.infoworld.com/cgi-bin/displayNew.pl?/peer/990308pp.htm">Alternative
OSes face a Sisyphean struggle to get into the PC mainstream</a>, InfoWorld, March 8, 1999
</strong></font><br>
Guest columnist Brett Arquette points out that Linux isn't the only alternative
PC OS out there, then describes why hardware drivers and end user support is
crucial to popularizing an OS. He mentions OpenBSD and adds a link to this
site.<p>
</ul>
<h2>February, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/199902/samba.html">
DaemonNews: Serving NT filesystems from an OpenBSD server</a>
February, 1999</strong></font><br>
A system administrator debunks the myth that you must use NT as a file server
when you run Windows clients. Squeezing performance out of vintage hardware and
adding in some scripts to automate the setup of new projects won management
over to OpenBSD.
<p>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/cgi-bin/displayNew.pl?/security/990215sw.htm">
Security Watch, end of year Golden Guardian awards.</a>
February, 1999</strong></font><br>
"Finally, we'd be remiss in ignoring OpenBSD in any discussion of top
open-source security products. It registered high in our e-mail
survey, and we promise to take a more active look at it in future
columns."
<p>
</ul>
<h2>January, 1999</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.planetit.com/techcenters/docs/linux/technology/PIT19990701S0039/">Open-Source
Software: Power to the People</a>, Data Communications, January 4, 1999
</strong></font><br>
Columnist Lee Bruno marvels that free software is serving alongside name-brand
software. Page three mentions OpenBSD in the roundup.<p>
<li><font color="#009000"><strong>
<a href="http://www.sunworld.com/sunworldonline/swol-01-1999/swol-01-bsd_p.html">The
return of BSD</a>, SunWorld, January 1999</strong></font><br>
BSD veteran Greg Lehey notes the strong loyalty of SunOS 4 users and surveys the
BSD-derived OSes available on SPARC and PC hardware. The article also comes with
a long list of useful links (some are stale).<p>
</ul>
<h2>November, 1998</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.datateknik.se/arkiv/98-20/28.html">
[Swedish] Datateknik</a>,
Nov 20, 1998</strong></font><br>
An article on the swedish <a href="events.html#ipsec98">IPsec interop</a> event
mentions OpenBSD as one of the successful participants, and has a
mini-interview with OpenBSD developer Niklas Hallqvist.
<p>
<li><font color="#009000"><strong>
<a href="http://www.datateknik.se/arkiv/98-13/1.html">
[Swedish] Datateknik</a>,
Nov 13, 1998 and
<a href="http://www.datateknik.se/arkiv/98-14/1.html">
Datateknik</a>,
Nov 14, 1998</strong></font><br>
Two published letters talking about OpenBSD's role in MacOS X. The first
one has some misconceptions which are corrected by the second which
explains the licensing issues and points to our
<a href="policy.html">copyright policy</a> page.
<p>
<li><font color="#009000"><strong>
<a href="http://www.daemonnews.org/199811/security.html">
OpenBSD and IPsec, leading the pack</a>, November, 1998
</strong></font><br>
A two-part article by Ejovi Nuwere focusing on OpenBSD's IPsec Development.
Part one is an introduction to OpenBSD's Photurisd and its current
Implementation, including a brief interview with
Photurisd creator Neils Provos.
<p>
</ul>
<h2>August, 1998</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.wired.com/news/news/culture/story/5943.html">
Beyond HOPE coverage, Wired Magazine</a>, Aug 11, 1997</strong></font><br>
Completely bogus (but quite amusing) description of what
OpenBSD is.
<p>
</ul>
<h2>July, 1998</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.infoworld.com/cgi-bin/displayArchive.pl?/98/28/o03-28.40d.htm">
Security Watch: Monthly Editorial.</a>
July, 1998</strong></font><br>
Points at our <a href="http://www.openbsd.org/security.html">security page</a>
calling it "OpenBSD's mantra".
<p>
<li><font color="#009000"><strong><a href="http://www.wired.com">
Wired Magazine</a>, June 1998, page 96 (paper edition only)</strong></font><br>
A half-page description of what OpenBSD is, with a strange picture
of project founder Theo de Raadt (Wired loves Photoshop).
<p>
</ul>
<h2>June, 1998</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://webserver.cpg.com/reviews/r1/3.4/index.html">
WebServer Online</A>, reprinted in
<A href="http://sw.expert.com/R/WS4.JUN.98.pdf">
Server/Workstation Expert (formerly
SunExpert Magazine)</a>, June 1998, page 81</strong></font><br>
A glowing four-page description of OpenBSD emphasizing its use
as a server and an OS that ships with security in the box
(the SunExpert version is in PDF but includes their own
graphic - a cross between Superman™ and the BSD Daemon, which
the WebServer version in HTML does not).
<p>
</ul>
<h2>May, 1998</h2>
<ul>
<li><font color="#009000"><strong>
<a href="http://www.wired.com/news/news/business/story/12035.html">
Usenix coverage, Wired Magazine</a>, May 1, 1998</strong></font><br>
Mention of OpenBSD with regards to our involvement in the
Freenix track held at Usenix in New Orleans.
<p>
</ul>
<p>
<hr>
<a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: press.html,v 1.345 2003/05/08 14:40:07 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to press.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www