I think the big reason Theo doesn't want to ship this offsite is that it's a lot of old/esoteric equipment that often times needs physical TLC in order to make it run properly, or has weird boot requirements, interfaces, etc.
They still have m68k, VAX, and Alpha boxes that are at a minimum 10 years old, that they build the OS directly on all the time.
I've spent time in dozens ... maybe hundreds of server closets in academia/companies that have been around for a few decades, and this is easily on the very, very clean side. When there are no rewards for cleaning up and every reason not to mess with something that works, little tends to be done on the aesthetic side. Ask me sometime about the server closet for a group that aggregated hundreds of remote telemetry sensors... by per-sensor dedicated copper lines that had been around since the 70s.
It's also very typical for machine rooms in academia in my experience (the MIT AI Lab had one that looked far worse than this, and others in the same building were similar). [Well, minus the wooden beams, but aside from that...]
Business are typically a little better (IME), as they tend to have a bit more money, but sometimes barely. Once you get to giant Google-scale outfits, of course, the game changes completely...
I went in a BIG well known UK hosting company DC (which we colo'ed in) back in 2003 and they had racks of machines sitting on top of books on the bottom of comms racks rather than proper racks. We had to get a DL380 out from underneath a pile of 5 others. Not as easy as it sounded.
Cables everywhere. Power cables taped to everything. Total mess.
The worst I ever saw was at a govt site, where you could not see a single inch of floor space, for the tangled mass of cables that ran across it. They had laid scaffolding planks across the top of the sea of cables, to walk on.
There's also the possibility of critical failure from transport. Old hardware can wind up as a sort of brittle "dead man walking", where even the slightest unpleasantries in a shipping container kill it for good.
FWIW, this is because Canada is far more restrictive than the USA in terms of what constitutes a "charitable purpose". The FreeBSD Foundation would not be able to give charitable-donation tax receipts if it were Canadian either.
"Now we all discover that FreeBSD has been doing it wrong. It's not as if they operate in a closed source world, and couldn't have looked at what others did. They must have chosen a few years ago to do this wrong, intentionally.
"Perhaps that decision was made by their Californian developers, the ones who work fairly close to that NSA building.
In which our friend Theo de Raadt talks about measures in OpenBSD that make attackers life harder: memory allocation randomization, W^X pages and stack protectors.
Of course it’s served with a side dish of invective at FreeBSD, as the project does not use all his cool stuff, and how could it then claim to be called a secure system, hmm?
Playing the game called 'guess my memory address' with attackers might be fun, but better to actually isolate them via cap_enter(2), and guarantee success
rather than attempting to make a successful attack less probable. Security isn't a game.
After Theo came Henning Brauer speaking about OpenBSD’s variant of pf.
Seems they have made yet another syntax change recently, and that pf performance is up, (but no numbers were reported).
Henning was, of course, queried. Gleb reports that Henning responded, "'in FreeBSD pf is faster than in OpenBSD' is actually a lie, and that if you pick a proper uniprocessor hardware you will see, that in OpenBSD pf can forward 3 times more than in FreeBSD."
Unfortunately, he didn't give any hint on the model of hardware he used to generate this result, so reproducing his results becomes… difficult.
Then yesterday we get the tight-lipped email from asking for someone to pay the power bill for OpenBSD.
I hope he doesn’t get someone in trouble for the obvious tax dodge.
The OpenBSD devs wrote pf from scratch. Mac OS X, FreeBSD and NetBSD took it and now use it and have variants of it. OpenBSD has the original, standard pf that they wrote from scratch and gave to the world as free software. OpenBSD's pf is not a variant of pf. It is the original. And it's insulting and incorrect of you to suggest otherwise.
Wow, the tone is very harsh here. What's wrong with my suggestion? i honestly don't get all the downvotes here. smh. Even they are two distinct projects by now, there is no need to be harsh and ask if I were a project manager. The Internet is open to people to question.
I don't know about the others. I downvoted because I don't like suggestions phrased as questions (and yeah, that tends to be what project managers do when they have no useful contribution to offer, can't be bothered to learn anything about the project they're managing, but want to feel like they're not useless).
First of all, there are project managers who are also devs. So you are in fact insulting thousands of hard working devs who have to take the role of a project manager.
Secondly, don't assume that kind of question is coming from project manager's voice. That's rather stupid and narrow minded. Any one can ask that question.
Whether the project is so distinct in terms of code or philosophy, it is a genuine question. Anyone should be allowed to ask question. All the downvotes are either because (1) some bigot mind can't appreciate question, or (2) people who can't get along with the other development team so any thought on merging two project must be a crime, or (3) people just hate my idea of asking Google to donate a couple machines.
You are just making the *BSD world bad because no one shall ever asked such stupid question why two teams should never think about merging into a single team.
> Whether the project is so distinct in terms of code or philosophy, it is a genuine question. Anyone should be allowed to ask question. All the downvotes are either because (1) some bigot mind can't appreciate question, or (2) people who can't get along with the other development team so any thought on merging two project must be a crime, or (3) people just hate my idea of asking Google to donate a couple machines.
Or (4), people are strongly adversarial to the "why do we need" question in the context of open source projects. Do we also really need iOS and Android? Windows and OS X and Linux and the many flavours of BSD? Chocolate and vanilla ice cream?
> Whether the project is so distinct in terms of code or philosophy, it is a genuine question.
No it isn't.
Yes, people who dislike your ideas will downvote you. It's pretty much how the interwebs work. If there are more people who dislike them than people who like them, the downvotes will outweight the upvotes. There also tends to be no correlation between how bad an idea is and how many downvotes or upvotes it receives. Because the Internet is full of mean, misbehaving people like me.
I am scared to be a *BSD user by now, though I had used it for a while back when I was a high school student. I probably have stepped on the forbidden land of all OS: "duh, if I want to get merged, I wouldn't be forking or stemming off from some root project a long time ago -- I like what I am doing and I am doing well." Something like that. Anyhow, I think that antagonistic response is unnecessary.
It is different in other projects where people see that if they can merge effort they may get better. My example is Pylons and Pyramid.