Kuro5hin.org: technology and culture, from the trenches

Why I Uninstalled OpenBSD

By Trollaxor in Op-Ed
Thu Oct 06, 2011 at 10:27:29 PM EST
Tags: BSD, OpenBSD, Theo de Raadt, Trollaxor (all tags)

I uninstalled OpenBSD the other day after using it since version 3.1 came out nine years ago. I had grown used to it and contributed too, following the OpenBSD mailing lists and even submitting code a couple of times. But when I began thinking seriously about security, things began to change.

(From http://www.trollaxor.com/2011/10/why-i-uninstalled-openbsd.html)

After the debacle that arose about US government-funded backdoors in OpenBSD's IPSEC back in December '10, I've had a suspicion lurking in the back of my mind that I just can't shake. If having backdoors was such a serious potential security liability, how could anyone be satisfied after just a week of auditing on such an important part of the OpenBSD codebase?

When looking into the audit I found some disturbing news. First, a proper audit is done transparently, with the methodology and results published for end-users to read. Since the OpenBSD Foundation has no means to track who's actually using OpenBSD, that means that the results should be available publicly. But they're not.

Go ahead, try googling something like "openbsd ipsec code audit results" and see what comes back. Plenty of discussion, but nothing published by the people who performed the audit. Without that, we have no idea who did the audit, how it was performed, or whether they found a backdoor.

So the question remains: are we sure that there is not a backdoor in OpenBSD's IPSEC?

Without knowing, there are some wide-ranging repercussions. Bits of IPSEC code may have made their way into other, more widely used products like Mac OS X, and for day-to-day OpenBSD users, who use OpenBSD for more than just routing and have their lives and livelihood on their OpenBSD boxes, the problem is very immediate and important.

I approached Theo de Raadt, OpenBSD's founder and leader, about this and asked if there would ever be a formal, published report on the audit. My asking led to my third reason for uninstalling OpenBSD: in typical Theo fashion, his reply was not only terse but also belied a lackadaisical attitude to his own operating system's security:

OpenBSD is the most secure operating system in the world. We don't have to publish anything, and if you don't like it then don't use it. The end.

P.S. Don't contact me again.

With the leader of OpenBSD saying that OpenBSD's reputation will be enough to keep the hackers away, I just can't agree that OpenBSD is "the most secure operating system in the world." Theo's cavalier attitude toward due process and security isn't just unprofessional; it's profound idiocy. To see my point, just check out the title of OpenBSD 5.0's theme song.

And with OpenBSD 5.0 on the horizon and nary a peep on this serious security issue in sight, it's time to move on. Theo can release as many updates and funny logos and silly songs as he wants, but the fact is that the only way to gain serious security credibility for OpenBSD is to pursue due process. Until then, OpenBSD is a minefield of holes and cracks. OpenBSD is about as secure as swiss cheese.

So today I urge you to find an operating system whose development team takes security seriously and uninstall OpenBSD posthaste. There are many out there, so take your pick: Mac OS X, FreeBSD, NetBSD, or even Linux.

Just know that running OpenBSD is taking a huge, unnecessary risk. Don't play games with your security. Uninstall OpenBSD today.



Why I Uninstalled OpenBSD | 12 comments (8 topical, 4 editorial, 0 hidden)
publish the emails! (3.00 / 3) (#3)
by Del Griffith on Thu Oct 06, 2011 at 11:56:07 AM EST

be open!

I...I like me. My wife likes me. My customers like me. Because I'm the real article. What you see is what you get. - Me

I've never had this problem... (none / 1) (#6)
by Pnarp on Fri Oct 07, 2011 at 01:01:10 AM EST

...because I've never installed OpenBSD in the first place. (Bet you thought I'd have some zany tale involving squirrels, chittering little bastards that they are, engaging in some nefarious plot to prevent me from ever having this problem, didn't you? Didn't you???)

∼ Phillip Norbert Årp
Powered by the love of the voluptuous insect goddess, Strahazazhia Kalamazoo-Kintaki-Meeps, She of the six-legged delights.

✿✿✿ Pnårp’s docile & perfunctory page! ✿✿✿
   ❝It’s docile! It’s perfunctory! It’s phlogistically fantastical! But… is it one of those blog things?❞
    All wrights preserved. No purchase estuary. Lawn gnomes not included. You won’t be disconcerted. Deployed where prohibited by snore.

❤   Pnårp learned this week that the world was still here. Will it ever end?

[ Current entry | Random entry ]
this one had one of the highest (3.00 / 2) (#7)
by Marvin Suggs on Fri Oct 07, 2011 at 03:06:01 AM EST

strike rates I've seen in a while - 21 out of 27 votes. Why? K% the trollaxer fanclub, or everyone just sick of whatever was on the FP?
   .0. gimme a bitcoin: 1M9vApgDo5Dw45Awfem75mrVtMJvaMKpjy
People here vote for Trollaxor (3.00 / 4) (#8)
by Nimey on Fri Oct 07, 2011 at 09:46:56 AM EST

I don't know why.

If he holds to pattern, expect a few more stories in the queue shortly.
Never mind, it was just the dog cumming -- jandev
You Sir, are an Ignorant Motherfucker. -- Crawford
I am arguably too manic to do that. -- Crawford
I already fuck my mother -- trane
Nimey is right -- Blastard
i am in complete agreement with Nimey -- i am a pretty big deal

[ Parent ]

One can only hope (3.00 / 3) (#9)
by Del Griffith on Fri Oct 07, 2011 at 10:13:12 AM EST

esp ones laced with LARPING and jagermeister.

I...I like me. My wife likes me. My customers like me. Because I'm the real article. What you see is what you get. - Me

[ Parent ]

K5 FP: a Trollaxor subsidiary (3.00 / 2) (#10)
by Marvin Suggs on Fri Oct 07, 2011 at 10:40:00 AM EST

   .0. gimme a bitcoin: 1M9vApgDo5Dw45Awfem75mrVtMJvaMKpjy
[ Parent ]
You must be kidding (none / 1) (#11)
by thiswillbegreat on Wed Oct 12, 2011 at 09:29:16 AM EST

You're saying that Theo de Raadt did not respond kindly to your inquiry?  Sent you a terse, dickish email?  I can only assume that the normally pleasant and buoyant Theo has been kidnapped by an impostor.
Semper ubi sub ubi.
I've used Ubuntu for years now (none / 0) (#12)
by Brogdel on Sat Oct 29, 2011 at 06:51:36 AM EST

never had any problems, of course what the fuck do I know.
