Re: A different view of the Theo de Raadt funding question

Re: A different view of the Theo de Raadt funding question

[ccallen]

Who knows, it's probably a mixture of things. The US government has made an
on-going investment into selinux. Selinux works with the Linux Security
Model (a by-product of the selinux project) which is being merged into the
linux kernel. In these times of lean budgets, it would make good economic
sense for a federal agency to make a choice dependant upon where they have
made the greatest investment.

Conan


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: A different view of the Theo de Raadt funding question

[Joshua Brindle]

it strikes me that the other explaination (the article) it totally bogus. It doesn't seem to me that darpa would pull it's grant in midstream because of it's other persuals. If it is darpa's intention to follow up with other implementations like trustedbsd and selinux it seems to me that they would not renew (or offer another grant) but pulling an existing grant in midstream has got to be caused by something a little more drastic, especially since there wasn't even that much left. IMO Theo is an idiot for talking about the government and DoD while recieving a grant from them, talk about biting the hand that feeds you. I appreciate the government for acting the way they did toward someone who obviously wasn't grateful.

>>> "ccallen" <ccallen@windowpane.com> 04/22/03 06:34PM >>>
>Who knows, it's probably a mixture of things. The US government has made an
>on-going investment into selinux. Selinux works with the Linux Security
>Model (a by-product of the selinux project) which is being merged into the
>linux kernel. In these times of lean budgets, it would make good economic
>sense for a federal agency to make a choice dependant upon where they have
>made the greatest investment.




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: A different view of the Theo de Raadt funding question

[Russell Coker]

On Wed, 23 Apr 2003 03:43, Matthew S. Hamrick wrote:
> Mi amigo Larry Cohen has posted a story at cryptonomicon.net with
> speculation that the real reason OpenBSD's funding got cut was because
> of competition from TrustedBSD and SELinux. While it's not a technical
> issue, I thought it might be interesting to readers of this list.

That could be part of it.  However I think that there are good reasons for 
funding all three projects.

Note that OpenSSH is widely used on SE Linux and FreeBSD and there is no 
viable alternative to it.  Other software that is developed on or for OpenBSD 
is also widely used on Linux and FreeBSD systems.

I have not reviewed the details of the research that DARPA was funding on 
OpenBSD, but I would be very surprised if it could not either be ported to SE 
Linux and TrustedBSD systems or used as a point of comparison with those 
systems.

It is well known that various agencies of the US government have all currently 
available OSs in use in production environments.  I am sure that it can be 
demonstrated that improving the security of any OS benefits some parts of the 
US government.

On Wed, 23 Apr 2003 13:01, Joshua Brindle wrote:
> especially since there wasn't even that much left. IMO Theo is an idiot for
> talking about the government and DoD while recieving a grant from them,
> talk about biting the hand that feeds you. I appreciate the government for
> acting the way they did toward someone who obviously wasn't grateful.

One thing that people should keep in mind is that he wasn't really hurting the 
US government (more important people criticise it in more public ways and get 
more press).  He was hurting the people inside DARPA who advocated him.

Someone inside DARPA is probably regretting that they stood up at a committee 
meeting and said that OpenBSD was worthy of receiving a grant.  This may 
affect their actions when there are funding discussions related to other open 
source projects, and this can't be good for any of us.  Hopefully they will 
realise that most Linux and FreeBSD people are not like Theo and learn to 
recognise the small minority who are.

If Theo had a serious issue with receiving money from the US government then 
he could have abstained from requesting it.  From what I know of such things 
DARPA doesn't surprise people with gifts of money, they have to go to some 
effort to request it.  Theo could have avoided such effort and requested that 
other contributers to OpenBSD do the same.

In case someone was thinking of the "freedom of speech issue", when someone 
offers you money you are free to say "no thanks".


PS  Please note that I made no mention of my own political opinions in this 
message as this list is entirely the wrong place to discuss such things.  
Anyone who is interested in discussing such things can contact me privately.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: A different view of the Theo de Raadt funding question

[Matthew S. Hamrick]

-----BEGIN PGP SIGNED MESSAGE-----

Yes,
	I can see your point. I was Larry's sounding board when he put the 
news tidbit together. I have a very tiny experience with DARPA, but one 
thing I've discovered about government funding is they're not shy about 
pulling funding if you're 1) not doing what you said you were going to 
do AND 2) you're not well politically represented. My theory on the 
whole mess is that when DARPA started funding OpenSSL and TrustedBSD, 
they heard a lot of griping about Theo and how he won't play well with 
others. Then when the mandatory review came at the 85% funding level, 
this along with the fact that he was a Canadian (while the TrustedBSD 
team was based in ... uh... Maryland, I think) might have been the 
cause for DARPA's concerns. I would guess that the program manager at 
DARPA would probably have had a long talk with Smith at U Penn. If he 
wasn't careful, he could have said something like, "yeah, Theo produces 
top knotch stuff, but he sometimes flames my post-docs" Depending on 
the person involved at DARPA, this could have been the beginning of a 
large downward spiral.
	But I guess it's all speculation until we hear more from Smith and/or 
DARPA. The "publicly speaking out against the war" explainiation 
doesn't hold water with me. (Of course my own conspiracy theory isn't 
all that much better.) Maybe it was just a mistake? Maybe it's mixed in 
with the Trusted Solaris announcement? Maybe the DoD is saying, "ah to 
heck with all you open source types, we're going to standardize on a 
commercial Unix for our TCB." Who knows...

- -Matt H.

P.S. - Larry, hit the "reply to all" button if you want to reply.

On Tuesday, April 22, 2003, at 11:01 PM, Joshua Brindle wrote:

> it strikes me that the other explaination (the article) it totally 
> bogus. It doesn't seem to me that darpa would pull it's grant in 
> midstream because of it's other persuals. If it is darpa's intention 
> to follow up with other implementations like trustedbsd and selinux it 
> seems to me that they would not renew (or offer another grant) but 
> pulling an existing grant in midstream has got to be caused by 
> something a little more drastic, especially since there wasn't even 
> that much left. IMO Theo is an idiot for talking about the government 
> and DoD while recieving a grant from them, talk about biting the hand 
> that feeds you. I appreciate the government for acting the way they 
> did toward someone who obviously wasn't grateful.
>
>>>> "ccallen" <ccallen@windowpane.com> 04/22/03 06:34PM >>>
>> Who knows, it's probably a mixture of things. The US government has 
>> made an
>> on-going investment into selinux. Selinux works with the Linux 
>> Security
>> Model (a by-product of the selinux project) which is being merged 
>> into the
>> linux kernel. In these times of lean budgets, it would make good 
>> economic
>> sense for a federal agency to make a choice dependant upon where they 
>> have
>> made the greatest investment.
>
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing 
> list.
> If you no longer wish to subscribe, send mail to 
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Learn about sending me secure email at http://www.cryptonomicon.net/howto/pgp.html

iQEVAwUBPqZxoOkrkgM9eER9AQH8mwf+OEK6U0MJ9kpjMBl8tKxK4QifRspg1FN/
yVD8ChI48auET0W5Q5/U97g2HC+fPm6ib8y4k1uSzE/FLQHPEJCNzFACgM6uOyVN
hXQ+xvQ6Lcv1ZTYnqYAYmqiVvHcPFZ0jLcGKMMe4Z7UktSNVyqAtOCg8ltC/Naa9
4bAHEj36zmLw7dSasmcPmgyO07jGTxAwA06xzj/otFbl1pgBcKCdwarEnJn00L5w
cCnWqNp1TeeccGXL97fhnHDxnpVs3mQWPGantnoHLpPvO+WQV84J/mVBH9WxyKnz
IJrXvVMRFoywvbH3XIT36ZHK4XUIJuayZaFo8IUcEt5o44HiwQazug==
=8wCE
-----END PGP SIGNATURE-----


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: A different view of the Theo de Raadt funding question

[Howard Holm]

OK folks.  The SELinux list is for discussion of SELinux.  DARPA funding
practices are off-topic, and although I won't say everything related to
OpenBSD is off-topic, OpenBSD funding isn't an SELinux related topic. 
This is being widely discussed in more appropriate places, so please
take the conversation somewhere else.

A friendly reminder from your mailing list administrator.

-- 
Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: A different view of the Theo de Raadt funding question

[Dale Amon]

On Wed, Apr 23, 2003 at 06:57:29AM -0400, Matthew S. Hamrick wrote:
> others. Then when the mandatory review came at the 85% funding level, 
> this along with the fact that he was a Canadian (while the TrustedBSD 
> team was based in ... uh... Maryland, I think) might have been the 
> cause for DARPA's concerns. I would guess that the program manager at 

This could have a great deal to do with it. I've run
up against it myself. I'm a US citizen but resident
in the UK. I was looking into to some SBIR's with
a friend in Pittsburgh and we found that it is required
that funds may not be used outside of the US. Not
even if the non-resident is a citizen. I doubt DARPA
grants are that much different from SBIR's. I've 
worked under both at various times.

I'm surprised they didn't hit the school with a 
request to return part of the funds used outside
of the United States.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: A different view of the Theo de Raadt funding question

[Rottura, Steven]

Not understanding a criticism of DARPA on an NSA majordomo / mail-list.
Thought Howard Holm's message previous took care of that.

On a separate note: I was interested in whether development of 
private-key algorithms was still interesting in today's world
of public key schemes, for example assymetrical ones layered piecemeal
with different keys, used to secure individual sessions -- etc... 
Or, is most of the work going on (i.e. here with SELinux) *not*
involving encryption but rather general system security / app. priveledges,
etc.?

thanks & sorry to be long-winded

-----Original Message-----
From: Dale Amon [mailto:amon@vnl.com]
Sent: Wednesday, April 23, 2003 9:50 AM
To: Matthew S. Hamrick
Cc: Joshua Brindle; selinux@tycho.nsa.gov; ccallen@windowpane.com;
larrycohen99@yahoo.com
Subject: Re: A different view of the Theo de Raadt funding question


On Wed, Apr 23, 2003 at 06:57:29AM -0400, Matthew S. Hamrick wrote:
> others. Then when the mandatory review came at the 85% funding level, 
> this along with the fact that he was a Canadian (while the TrustedBSD 
> team was based in ... uh... Maryland, I think) might have been the 
> cause for DARPA's concerns. I would guess that the program manager at 

This could have a great deal to do with it. I've run
up against it myself. I'm a US citizen but resident
in the UK. I was looking into to some SBIR's with
a friend in Pittsburgh and we found that it is required
that funds may not be used outside of the US. Not
even if the non-resident is a citizen. I doubt DARPA
grants are that much different from SBIR's. I've 
worked under both at various times.

I'm surprised they didn't hit the school with a 
request to return part of the funds used outside
of the United States.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.