Then on some news sites, the story starts to change. A spokeswoman from DARPA is quoted as saying "We're sorry if this review process has been misinterpreted as an effort to cancel the work." (If it was not a cancellation, then why did Mark West from UPENN phone the Hyatt Calgary and cancel the reservations -- even before OpenBSD was informed by Jonathan Smith, who in email said "Penn has been contacted by the Air Force and NO FURTHER COSTS MAY BE INCURRED, effective today, 4/17/03", "All subcontracts are terminated, effective TODAY", and "Penn must cancel/terminate contracts & obligations such as the Hyatt and travel not yet PAID. Mark, please carry this out ASAP per our contractual requirements with the government" These papers proceed to pick up the new story; some retain the old one:
Note: some material related to POSSE is mirrored here.
"Smith and colleagues at Penn, the software development consortium OpenBSD, and the Apache Software Foundation and OpenSSL Group propose to use the open-source movement - where programmers openly share incremental advances - to try to engineer better security features into mainstream computers, not only those developed just for the military and other high-security organizations. The government then benefits by purchasing more affordable, standardized computers with security features."
vi
and a default C shell, he finds nice things to
say about OpenBSD's floppy + 'Net installation, the thorough system probe and
the IP filtering and address translation.
make
options and targets, and also notes OpenBSD's
"fake" installation used to create easily distributable binary
packages as an automatic by-product of building a port.
fuzz
, a tool that tests commands with randomly generated
command line arguments. Lead developer Theo de Raadt ran it against OpenBSD
and found routine coding errors in about a dozen commands, none security-related.
The article reprints de Raadt's posting and comments. Though the exercise was
worthwhile, the tool only points to the areas to check, and is no substitute for
careful code reviews, he concludes.
Connected to spanweb.glasgow-ky.com.
Escape character is '^]'.
OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)