Even though this is the topic of my posts so far, I don't think DARPA is doing something bad or shady or whatever here. I do not blame them for pulling the funding, or putting it under review, or whatever they are actually doing with the money. If he was a major employee making comments like that he would be reprimanded and possibly terminated (his employment, this isn't the NSA). But, I do think they are being idiots in the grand scheme of things. These OpenBSD developers are the only group doing these things. Yeah, some of these changes make it to other systems, and hell, some were developed on other systems (systrace was for both Open and NetBSD in the beginning I think, and propolice was probably developed on Linux), but who is putting these parts together along with everything else?
What system has a list of things like the following:
systrace
non-exec heap (on supported hardware platforms)
non-exec stack (on supported hardware platforms)
chrooted apache
chrooted bind
removing dangerous calls (sprintf(), strcpy(), and strcat())
W^X (on supported hardware platforms)
ProPolice
Along with some of the other things that have made it into OpenBSD earlier than many other systems:
IPv6
OpenSSH (thanks to some great developers of OpenBSD and other software!)
ISAKMPD
sudo
Anyone? I am not saying that this makes OpenBSD better in any way (no matter what my personal opinion is on the subject). But, OpenBSD is a great platform for these developments. It follows the tradition of the original BSD in that it has been great for development, education, and overall use. The developer of ProPolice (an employee of IBM) was in the loop while the ProPolice work was going on in OpenBSD. In fact, since this was one of the first areas ProPolice was getting a good workout, they happened to find and help fix quite a few bugs (in both ProPolice and OpenBSD I believe). I think Gentoo now has ProPolice, but would this kind of development really work on a Linux distro? Maybe RedHat who has the money to put into it, or Debian that has the fanatical following, but on Gentoo? No offence meant to the users and developers, but I don't think they have the time or really the vision.
Anyhow, DARPA did not necessarily do anything wrong, no matter how much I want to yell and scream that they should all die for stupid crap like this. I just think they are being obtuse about the whole situation.
Wow, I think I am giving this little message reply box at the bottom of the thread a nice workout.