|FROM ||From: "Inker, Evan"
|SUBJECT ||Subject: [hangout] OpenBSD - U.S. military helps fund Calgary hacker
POSTED AT 8:51 PM EDT Sunday, April 6
U.S. military helps fund Calgary hacker
By DAVID AKIN
>From Monday's Globe and Mail
The U.S. military believes the work of a Calgary hacker may be its best bet
to protect its computer networks from so-called cyber-terrorist attacks. And
although Theo de Raadt is happy to have more than $2-million (U.S.) in
research support from the U.S. military's research and development office,
the source of that funding has made him more than a little uneasy.
"I actually am fairly uncomfortable about it, even if our firm stipulation
was that they cannot tell us what to do. We are simply doing what we do
anyways - securing software - and they have no say in the matter," Mr. de
Raadt said in a recent e-mail exchange. "I try to convince myself that our
grant means a half of a cruise missile doesn't get built."
The grant comes from the U.S. Defense Advanced Research Projects Agency
(DARPA), the R&D arm of the U.S. military, whose most widely known invention
would be the Internet. For this grant, DARPA is interested in testing the
security of commercial software systems against the security of open source
Mr. de Raadt leads development of an open source project called OpenBSD. It
is a computer operating system, used most often to power the large server
computers that run corporate networks or Web sites. OpenBSD, a derivative of
the Unix operating system, is widely considered by computer experts to be
the most resistant to unauthorized use.
"We were convinced OpenBSD was the best platform to use as a basis for
further securing open source," said Jonathan Smith, a professor of computer
and information science at the University of Pennsylvania.
Because DARPA does not directly fund projects outside the United States, it
is Mr. Smith's computer science department that received the grant, although
most of the money - $2.3-million - flows through to Mr. de Raadt's project.
Although Microsoft Corp., whose Windows products are the world's dominant
operating system products, and many other commercial software vendors are
paying new attention to the security of their products, that renewed
interest has done little to improve their products so far, Mr. de Raadt
"Low code quality keeps haunting our entire industry. That, and sloppy
programmers who don't understand the frameworks they work within. They're
like plumbers high on glue," Mr. de Raadt said.
Microsoft, for example, has issued 68 security bulletins or alerts for its
products in the past year, better than one a week. OpenBSD, which does not
develop as many products as Microsoft, says only one vulnerability or hole
has been found in its software in the past seven years. OpenBSD has been
created largely through the work of volunteers over its seven-year
The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time
developers to supplement the work of about 80 volunteers. And although he's
happy about the extra support for the project, he's nervous that critics may
get the idea he's working for the U.S. military.
"We're not doing anything for them. They just fund us to do what we do,"
said Mr. de Raadt, a 35-year-old graduate of the University of Calgary's
computer science program. Mr. de Raadt is no fan of the U.S. military at the
moment. He calls the war in Iraq an oil grab. "It just sickens me."
He also notes that the software his group develops is made available free of
charge via Internet download or for a nominal fee on CD. The next major
upgrade to the software, version 3.3., will be released on May 1. Because
OpenBSD is often used in computing environments where security is a top
concern, OpenBSD users are often reluctant to identify themselves. But Mr.
de Raadt's group said that in addition to running the servers for several
branches of the U.S. military, including the Pentagon, OpenBSD is also
installed on the servers the U.S. Department of Justice uses to track and
catch hackers and so-called cyber-terrorists.
OpenBSD is also used by the University of Alberta, the University of
Minnesota, Adobe Systems Inc. and FSC Internet Corp. of Toronto. More than
50,000 copies of OpenBSD have been downloaded from the project's servers in
the past six months.
Corrections Canada, Health Canada, Parliament and the Canada Customs and
Revenue Agency are among the federal users that have downloaded the
software, although it's not clear if it is being used by them.
OpenBSD is one of several open source operating systems, the most famous of
which is Linux. The source code for the software is open or uncompiled,
which means any software programmer can examine the code and can make
changes before it is formatted to run on a computer. OpenBSD is a variant of
a kind of Unix-based operating system known as BSDs, short for Berkeley
The software traces its roots to projects that began in the 1970s at the
University of California at Berkeley. Mr. de Raadt, who's been working
full-time on the OpenBSD project for seven years, pays his own bills with
the money from the sale of the CDs - he sells about 8,000 a year - as well
as from selling OpenBSD T-shirts and other paraphernalia.
David Akin is national business and technology correspondent for CTV News
and a contributing writer to The Globe and Mail.
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
NYLXS: New Yorker Free Software Users Scene
Fair Use -
because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc