Channels ▼
RSS

The Future of OpenBSD: A Conversation with Theo de Raadt


The Future of OpenBSD: A Conversation with Theo de Raadt

Theo de Raadt (pronounced "wrought") is the 32-year-old principal architect of the OpenBSD (http://www.openbsd.org) operating system project. He was born in Pretoria, S.A. When he was nine he moved to Canada and now lives in Calgary, Alberta.

Theo seems possessed of a consuming idealism akin to that of Chuck Moore or Richard Stallman. At the same time, his aims in software engineering are reminiscent of the ideals of computer scientists such as Edsgar Dijkstra and William Kahan; that the correctness of a program should be subject to proof.

Theo graciously took time to chat with Dr. Dobb's Journal contributing editor Jack Woehr at USENIX Security Symposium 2000.

DDJ: What's your time taken up by in these days of OpenBSD 2.7?

TdR: The biggest thing is to keep on improving quality and make everything work better. Device drivers are also becoming an issue, people need those more. We're working a lot on laptop issues like WaveLAN, which works fine now, and on PCMCIA card, APM, laptop suspend ... sound cards are going to become a big concern soon.

The other half of our group is working on improving IPSec, improving performance. We have an inside line on all the companies who are making IPSec cards which are going to come out pretty soon. These companies have all given us beta hardware. I have cards lying all over my house for IPSec products that are not on the market yet.

DDJ: The hardware IPSec guys are enthralled by OpenBSD?

TdR: Our IPSec stack is on a par with the top four IPSec stacks in the commercial world, and it's completely free. The hardware guys realize people are going to use our stack inside embedded appliances, rather than buying an IP stack from a commercial company.

DDJ: So there's this development platform for appliances, it's called any PC architecture running OpenBSD, and for the card company's customers, they just plug it in.

TdR: Right, because if you use software IPSec, you get 6 Mbits a second. You use these companies' cards, the chip is $80, maybe the whole card sells for $350, and you get 220 Mbits a second.

DDJ: Are you talking IPSec over IPv6 or IPv4?

TdR: IPv4 only for right now. We have some IPv6 IPSec stuff working, but not all of it yet.

DDJ: The OpenBSD project is a small group compared to Linux. Did that help you or hurt you?

TdR: I think there's a constant overestimation of how big the Linux development community actually is. I don't think they have thousands of developers working on the hard problems, just on the simple problems and the GUI things. But in the actual operating system, I would be surprised if they have more than 200 people, the kernel, the libraries, the basic utilities.

On the other hand, we have about 40 persons who work on just those parts all the time.

DDJ: How much of OpenBSD are you still borrowing from the latest in FreeBSD?

TdR: In the last four years, it's happened only in rare cases. A couple of Ethernet device drivers. We might be doing that soon with some RAID device drivers. It almost never happens. We never take entire subsystems and pull them in.

The VM system of OpenBSD is very different from that of FreeBSD. The device driver interface into the kernel is very different. We have some people in our group who can take a device driver and convert it from FreeBSD in an hour.

DDJ: Why is the device driver model different?

TdR: Just style. It's a conceptual framework for interfacing device drivers into the operating system. It's a common problem. You can build a base model for your kernel, and you end up having devices which fall into about six or seven classes of devices, and you end up having to build frameworks for them. One class would be network devices, another would be sound devices. The frameworks reduce the amount of duplicated code.

DDJ: You were a NetBSD developer and went off on your own way. Was there a fundamental philosophical difference between you and NetBSD?

TdR: Just a problem working with the people. They shut me out for seven months, where I couldn't work on a project with other people. I felt like they stole a community from me, so re-creation of a community was an obvious direction to go.

It was very hard for the first year-and-a-half. They were trying to downplay the direction we were going. To this day some people are saying that our OpenSSH was all derived from OSSH. But we added ssh2 support, which was a very serious effort.

DDJ: You're obviously a very creative person. Your response to being kicked out was to build a whole new universe.

TdR: I had to. I didn't want a job, I wanted to go play with software and make stuff better. That's what I was doing before I got involved with BSD. I was trying to write extremely reliable small chunks of code.

DDJ: You don't seem to play the dictator much on the mailing list.

TdR: I just started OpenBSD. Everyone in the group has their own relationships with the other people who are developing.

There are fabulous people doing subsets of the operating system. We cut it into little pieces. Angelos Keromytis (U. of Penna.) and Niels Provos (U. of Mich.) work on the network layer, Marcus Friedl of Germany is the main OpenSSH developer, Todd Miller (U. of Colo.) deals with install, other people do device drivers, others deal with boot blocks on different architectures, some people work on the VM system. They have areas of interest in which they want to solve the problems themselves. That's the way an ideal company would work, perhaps.

DDJ: These are bright and creative people who might be too creative for a lot of companies.

TdR: They're pretty self-directed people working in a self-directed project. We all have common goals. Because OpenBSD doesn't have funding coming and saying what we have to do, and because we don't have a big bank account, we have to make a release every six months. I can say, "In two months, we have to make a release. If you break this, we'll be dead." The developers take this into consideration as they work in changes, and they try to ensure reliability is always built into the system instead of something we just worry about near release time.

DDJ: The team is pretty stable itself?

TdR: Most people in our group hang around for two to three years. Many have been around since the beginning. Sometimes they sort of fade out and disappear for six months because something is more important in their lives. Then they come back and return to the roles they were playing before, or maybe they do one or two other things.

It's wonderful. They're always people who are really keen about what they are doing.

DDJ: They'd have to be, they're not getting paid for this. How do you support yourself?

TdR: Donations, CD sales, t-shirt sales. The Computer Shop of Calgary handles that, leaving me free to work on the things I need to, including deal with the volume of mail I get.

I try to maintain a visual model of what's happening in the entire open source community so that I can make sure certain people know certain things, even though they are not watching the events, so I can remind them of directions they need to search in.

If there's some Ethernet card we're having trouble with, and there's some mailing list where someone has got that solved with another operating system, then I can help the developer look over there for the solution, in addition to working on release co-ordination.

DDJ: Do you foresee a time you'll have to either get a job or make a real commercial enterprise of this?

TdR: It's a bad time to ask me. In the summertime I keep thinking I should be doing other things. But as soon as wintertime comes, I'm right back to doing the same thing and loving it!

I just want to create an infrastructure operating system, which can be used by people to build network infrastructure appliances that are reliable, secure and do what they are supposed to do.

DDJ: If I want to go to a client and say that I want to install a simple, secure firewall very unlikely to get cracked in any simple way unless you cause it yourself, there's no other operating system I can think of except OpenBSD. Linux has too many places you have to look when something goes wrong.

TdR: They're adding complexity without realizing what it does to the maintainer. They are unadminstratable machines.

DDJ: I can install OpenBSD on a fast Pentium in a few minutes. Then I turn on SSH, IP forwarding and NAT and I have a firewall.

TdR: That's the way it should be, simple. Our security process differs profoundly in approach. We don't strive to build a secure system; we try to build a quality system, and security is a by-product of that, it's an accident that happens when we are working on quality.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.