Old history

I am the current maintainer of OpenSSH for FreeBSD, and have been since 2002. I am also the author and maintainer of the PAM implementation used by FreeBSD, and of several of the accompanying PAM modules. Finally, I was a member of the FreeBSD Security Team for several years, served as Assistant Security Officer and Acting Security Officer, and authored or co-authored around 20 security advisories between 2002 and 2004.

I have been asked to comment on SecurityFocus advisories 7467 and 7482, regarding timing attacks against certain versions of OpenSSH that were distributed with FreeBSD 4.x and 5.x releases.

The short version is that no FreeBSD 4.x or 5.x release was ever vulnerable. Read on for the long version.

Ten years

That’s how long, to the day, I have been a FreeBSD committer.
Ten years seems like a long time when you write it down on paper, or say it out loud, or try to imagine who and where you will be in ten years’ time; but when I think back on my time as a FreeBSD committer, it’s hard to believe it’s really been that long.

The strangest part is seeing younger (or rather, more recently anointed) committers defer to me. I’m not the old tenured professor! I’m not the sage on the mountain! Look at phk, he’s the old fart, not me! I’m still a rookie! I practically haven’t done anything for the project! I mean, apart from libfetch, and pseudofs, and the PAM stack, and OpenSSH, and the Tinderbox, and stints as Bugmeister and Security Officer, and…

This is where my train of thought derails, when I realize how much I’ve actually done (although I don’t even come close to people like phk, jhb, or rwatson), and oh shit, it’s actually been ten years!

Update: when I told my wife about this, her immediate reaction was “and they say men can’t commit to anything…”

I broke Béranger’s heart

Béranger, the author of the long rant on which I have commented twice before, seems deeply hurt by my comments. Deeply enough, at least, to spend most of his after game report lambasting me, and to post a complaint on freebsd-advocacy.

Read it if you like. He deliberately misunderstands me, twists my words (including some from private conversation), pounces on strawmen, and still can’t understand that the FreeBSD Foundation is a different entity from the FreeBSD Project, because apparently if the Foundation licenses and distributes software that runs on FreeBSD but isn’t included in FreeBSD, then the Foundation is FreeBSD.

And he still can’t get my name right.

I won’t bother rebutting.

SATA is not SCSI… or is it?

One further comment on The sorry state of open source today, which I did not want to include in my previous entry as I felt it would distract from my main point, which was the inaccuracies in the author’s discussion of FreeBSD.

On page 19, Béranger discusses problems with the disk drivers in Linux 2.6.20. These problems are real (though hopefully transient), and I have myself been bitten by them, as on one machine, Ubuntu’s linux-image-2.6.20-14-386 would not recognize the disks at all; I could boot an older kernel, but then of course nvidia-glx, which had been updated to match the newer non-working kernel, would not load.

Where Béranger stumbles is where he asserts—or implies—that there are fundamental differences between PATA, SATA and SCSI, and that it therefore does not make sense to use similar names (/dev/sdX) for them all.


The sorry state of The Jem Report

Jem Matzan’s The Jem Report is running a so-called editorial by Radu-Cristian Fotescu (a.k.a. Béranger) titled The sorry state of open source today. I say so-called, because it is more of a rant than an editorial: 26 pages long and not entirely coherent.

I won’t waste your time with a point-by-point rebuttal of this piece, not least because most of what he writes is pure opinion and interpretation. I don’t necessarily agree with it—I find him a little too radical and a little too confrontational—but he’s entitled to it.

(I do agree with his views on the differences between the GPL and the BSD license, but that’s neither here nor there.)

What I take exception to are factual errors in his discussion of *BSD, and specifically of FreeBSD.
