One of his dumber takes. Virtualization replaces an ultra-functional general-purpose kernel evolved over decades to support every conceivable application with a drastically smaller "kernel" (KVM and the userland hypervisor). It's a drastic attack surface reduction, and the empirical data bears that out: kernel LPEs aren't even newsworthy (there's whole repos full of unnamed, unremarked-upon LPEs), and KVM escapes are very rare.
Gualdrapotoday at 5:38 PM
"Torvalds, via e-mail, says De Raadt is âdifficultâ and declined to comment further."
Imagine being so hard you're labelled as "difficult" by no other but Linus Torvalds
vlovich123today at 6:22 PM
> A
simple tool was presented, iofuzz, that exposes exploitable
security flaws in most, if not all, virtual machines available
today. To the knowledge of the author, no similar research has
been conducted before. The results produced by crashme, a
tool well known for over a decade, locating trivial flaws dem-
onstrates this.
No virtual machine tested was robust enough to withstand
the testing procedure used, and multiple exploitable flaws
were presented that could allow an attacker restricted to a vir-
tualised environment to reliably escape onto the host system.
The results obtained demonstrate the need for further
research into virtualisation security and prove that virtualisa-
tion is no security panacea.
Heâs not wrong based on the research at the time. The mistake is presenting this as if itâs something that will be true for all time. Is virtualization a panacea? No. CPU manufacturers canât even protect against side channel attacks. But itâs completely missing what this provides which is that the difficulty and cost of creating an exploit is higher today than 20 years ago. And itâs amusing to hear someone blasting away at the security of others when BSD has its own share of problems and architectural weaknesses are discovered through popularity of your system being an attack target, not because youâre smarter than everyone else and made better choices (sometimes it can be true in places, but harder to maintain for a big piece of software like an OS)
Gudtoday at 8:33 PM
I don't understand the constant (almost always unsubstantiated) criticism of the *BSDs from many Linux advocates.
Personally I evaluate each OS by it's merit, and I've concluded that OpenBSD, FreeBSD and some Linux distributions(I use arch btw) are solid operating systems.
On the server I prefer FreeBSD because of it's amazing flexibility, and stable yet evolutionary base system and in my opinion, superior init system. Simple RC scripts FTW.
I use Arch Linux for superior software and hardware support, related to client usage.
I use OpenBSD for various network appliances.
deletedtoday at 8:25 PM
ranger_dangertoday at 8:47 PM
I wished more people would take issue with developers' bad attitudes.
I know this is an extremely unpopular take, but I refuse to use software where the main dev(s) are openly abusive to others. Sadly this includes the majority of open source operating systems and many other very popular applications... but it's my decision and you're welcome to disagree with me. I am not trying to prevent others from using said software, and I don't look down on them for it.
I think if everyone was always forced to separate the art from the artist, then boycotting wouldn't even be a thing, so there should probably be some kind of middle ground.
deletedtoday at 5:49 PM
rustcleanertoday at 7:02 PM
If OpenBSD pretended Qubes OS was a feature prototype/reference OS build and made a fork of OpenBSD to feature-match Qubes OS (calling it QuBSD or something), that would be great!
cptroottoday at 5:25 PM
I would love to know how OP came across this email nearly 20 years after the fact
DonHopkinstoday at 6:31 PM
My favorite Theologism:
"My favorite part of the "many eyes" argument is how few bugs
were found by the two eyes of Eric (the originator of the
statement). All the many eyes are apparently attached to a
lot of hands that type lots of words about many eyes, and
never actually audit code." -Theo de Raadt
I don't know who this guy is but this is just a shitty way to interact with people. Presumably he's successful or we wouldn't be talking about him without any introduction, but I wouldn't hire this person to sweep the floors at my office.
woriktoday at 9:11 PM
That is old news, Theo was harsh, arrogant and rude. He was not always right, but always RIGHT!!
But ten years ago. What is the point now?
znpytoday at 6:51 PM
I think de Raadt and OpenBSD are hugely overrated and some takes are as dumb as the one in the post.
OpenBSD is only secure because because it does pretty much nothing and does it very slowly (its firewall just recently broke the 4gbps firewalling capabilty, for example) but somehow a cult has formed around it ÂŻ\_(ă)_/ÂŻ
jurgenaut23today at 7:39 PM
god bless usenet. The good ol' flame wars aren't what they are used to anymore with all this moderation and trolling feeding each other around here.
oooyaytoday at 6:00 PM
Even very smart, very accomplished people can be very wrong. Xen is seeing a resurgence from Xen Orchestra and I've used it in my homelab. It's quite pleasant. I also, of course, use de Raadt's software as well.