OpenBSD Journal

Theo de Raadt to present at CUUG in February

Contributed by jose on from the more-presentations dept.

A poster from the The Calgary Unix Users Group writes:
"Tuesday, February 25th, 2003, 18:00 MST --

OpenBSD lead developer Theo de Raadt will speak about some of the recent changes in OpenBSD that are leading the way to the complete elimination of "buffer overflow" security risks and attacks. Snacks, refreshments and a prize draw will also be featured. Admission for *unregistered* non-members is $10. For more information or to register email: office@cuug.ab.ca"

Wow, should be pretty cool to hear about security issues from someone as well skilled in them as Theo. Wish I could go!

(Comments are closed)

Comments

  1. By Anonymous Coward () on

    well, i somewhat doubt theo knows a lot about security. good coding yes, which security is a byproduct of good coding. but he has shown nothing but ignorance in relation to anything security related, such as orangebook etc

    Comments

    1. By Anonymous Coward () on

      orangebook is only one groups idea of security. take your trolls elsewhere.

    2. By Anonymous Coward () on

      Orangebook? WTF?

      Orange Book is just a broken standard. Even the government doesn't really trust it. Just because an OS is orange book certified doesn't make it secure. All it's used for is marketing hype in the security markets. In fact, I would be glad to know that Theo is ignorant of it. More power to him!

    3. By Anonymous Coward () on

      This time posting about Orange Book bs. It makes sense, because didn't they take some expanded acl code and cut and paste it into MicroBSD? Hmmm... Oh well, if you would actually bother to read the Orange Book, you would figure out it is fairly worthless from a practical standpoint. Look at the FBI and Robert Hanson (sp?), it didn't do much good, did it?

    4. By Not Really Anonymous () on

      I have used OpenBSD for a long time and that doesn't seem to be the case.

      Every step of the way OpenBSD has made security a top priority while still attempting to keep the os usable.

      He would have to know a little bit I think:
      http://www.nai.com/research/covert/advisories/010.asp
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html

      What is information security?
      How is information security compromised?
      What are the most common information security issues?

      What I have found, most information security issues are code related. I have seen many o'server become compromised because of a stack overflow.

      And they might agree:
      http://news.com.com/2100-1001-233483.html?legacy=cnet

      So, I think good coding goes hand in hand with information security. Or was it, pulling the power cord, I can't remember.

      ...

      Comments

      1. By Anonymous Coward () on

        "So, I think good coding goes hand in hand with information security. Or was it, pulling the power cord, I can't remember."

        No, information security is melting hard drives after each use :)

    5. By Anonymous Corwardon Wednesdat, February 12 @02: () on

      Any security standard that has a gradient of systems from least-secure to most-secure where the most-secure is a computer disconnected from any power source and network is worth far less than the cost of printing such a standard.

      That's my run-on sentence for the day, folks.

      Oh, by the way: "MicroBSD has had Orange AND Puce Book ratings since 1972".

      Comments

      1. By Anonymous Coward () on

        "Oh, by the way: "MicroBSD has had Orange AND Puce Book ratings since 1972"."

        ha ha. MicroBSD == POS

    6. By Anonymous Coward () on

      Part of openbsd's security is not adopting every new idea or diff someone posts to a mailing list...

    7. By Anonymous Coward () on

      if that's the reason for OpenBSD's "Only one remote hole in the default install, in more than 7 years!" record, what does that say about orangebook guidelines? right, use the paper the ideas are written on to fuel your next fire.

    8. By Anonymous Coward () on

      I just thought I'd join the chorus of disagreement. Assuming that the protocols and so forth are sound, security problems happen because something about the code isn't correct. Theo and the crew cause the code to be more and more correct, and in doing so are making a very secure system. Cool security tricks are nice, but they don't address the basic fact that lots of code isn't correct. And there are those perverse enough to take joy when people who do good work stumble and demonstrate that they're imperfect humans. Go Theo et all.

    9. By Lars Hansson () lars@unet.net.ph on mailto:lars@unet.net.ph

      I really shouldnt be tempted to bother with this nonsense but I gotta ask...
      Do you people really read sites about products you dont use or like simply so you can have a reason to complain and bitch?
      I cant find words to express how utterly sad and pathetic that is.

  2. By Anonymous Coward () on

    calling all trolls, please report to deadly.org and commence trolling

    Comments

    1. By 133t hax0r () on

      Ok, chief. I'm here.

      MicroBSD rulz!!!111

      Comments

      1. By Anonymous Coward () on

        You sharp-shooting me, punk? Is that what you're
        doing? Don't sharp-shoot me. You'll give me forty,
        then you're gonna give me forty more. Then you're
        gonna pull KP. The grease pit! I'll rub your nose
        in enlisted men's crud 'till you don't know which
        end is up! You understand?
        (with apologies to Frank 'hooah' Slade)

  3. By Gimlet () on

    Any word on whether the presentation will be posted online anywhere? I peeked at the CUUG site but didn't see anything like that (could've missed it tho).

  4. By Anonymous Coward () on

    Could someone that is attending please record this presentation? All one needs is a simply device like a mini-disc player or a something with a mic. Later to be MP3ed.

    A lot of OpenBSD developers have been speaking lately but all we have access to is some notes.

    If you can, it would be good.

    Perhaps there could be a 'media' section on the OpenBSD site with presentation notes and recordings etc.

    Thanks.

    Comments

    1. By SKULL () abuse@microsoft.com on mailto:abuse@microsoft.com

      I second that suggestion. If those folks at 2600 can put their show "off the hook" in the net then OpenBSD should be able to have some talks too, eh?

    2. By Anonymous Coward () on

      would be nice.

    3. By Anonymous Coward () on

      someone, anyone, please record and make this available to thine peers.

    4. By Anonymous Coward () on

      someone, anyone, please record and make this available to thine peers.

  5. By kremlyn () on

    Fuckin' hell.

    Get your own well coded, brilliantly documented, consistently performing, small-footprint, ultra-secure OS instead of attacking ours.

    Jelousy is so lame.

    //kremlyn

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]