Theo de Raadt is a software engineer and hacker who was born in South Africa but built his career in Calgary. He founded projects such as NetBSD, OpenBSD, and OpenSSH. In 2004, de Raadt won the Free Software Award for his contribution to the development of free software, writes calgary-future.
Childhood and youth
Theo was born in 1968. His father is Dutch, and his mother is from South Africa. Fearing mobilization in South Africa, the family emigrated to Calgary when Theo was 9 years old.
Around the age of 14, Theo started developing software on one of his first computers. After school, he entered the University of Calgary, where he received a bachelor’s degree in computer science.
The first project
In 1993, a year after completing his bachelor degree, de Raadt, along with three other programmers, created the NetBSD project, a free, open-source UNIX-like operating system based on the Berkeley Software Distribution (BSD) family of UNIX operating systems. NetBSD is available for many servers, desktops, mobile devices, and embedded systems. This project focuses on code clarity, careful design, and portability across multiple computer architectures.
The idea to create such a system arose when its creators were disappointed in the directions and pace of development of 386BSD operating systems. They believed that the project needed a more open development model that focused on portable and correct code. They called their product NetBSD, where the second part indicates what this system is based on, and the first emphasizes the importance of the development of the Internet (at that time it was still actively developing).
In 1994, de Raadt left NetBSD, and access to the source code repository was closed to him. Writer Peter Wehner, in his book on technology Free for All, said that this was due to de Raadt’s excessive directness and disagreements within the team. At the end of 1995, Theo started another project – OpenBSD.
The founding of OpenBSD
In October 1995, de Raadt founded OpenBSD, a project that was a kind of offshoot of NetBSD. This UNIX-like system was also free and open source, and it was also based on BSD. Theo put the word “open” in the name to emphasize the availability of the operating system’s source code on the Internet.
For the software included in the system, it was decided to use licenses similar to BSD licenses. They do not impose restrictions on private or commercial use of the software, but only oblige to mention the authors and the license itself in the modified versions.
De Raadt, already having a negative experience of managing the project, did quite well this time, although there were many complaints from journalists and interviewers. Since its inception, the project began releasing new releases every 6 months, each of which was supported for 1 year.
In June 2001, the source text of his system was subjected to a thorough license revision. Then it turned out that more than a hundred files do not have licenses or, if they do, are used without observing their terms.
In December 2017, Ilja van Sprundel, director of security services at IOActive, in his report, “Are all BSDs created equally? BSD Kernel Vulnerability Survey” stated that while OpenBSD is BSD’s security winner, bugs are still easy to find. 2 years later there was another paper on this topic – Systematic Evaluation of OpenBSD Mitigation Tools. Speakers criticized OpenBSD’s mitigations as allegedly based on superstition.
Start OpenSSH
OpenSSH is a set of secure network utilities based on the Secure Shell (SSH) protocol that provides a secure channel over an unsecured network. It is not a separate computer program, but a whole set of programs that are integrated into several operating systems: Microsoft Windows, macOS, and some Linux operating systems.
Theo, along with other OpenBSD developers, created OpenSSH in December 1999 as an alternative to the original SSH software. The goal was to make a set of programs that is safer than its original due to its clean and tested code and the fact that it is released under the BSD license, that is, an open source license.
In the version released in 2011, an innovation appeared – an experimental “sandbox” mode that prevented attacks on some network nodes by launching proxies or sockets. In October 2019, OpenSSH was protected against possible memory speculation and attacks by adding in-memory private key protection.
Challenging character and clashes with Linux
Theo de Raadt often started disputes in the public space with various groups – from government officials to supporters of the Linux operating system, whose source code is available for use, modification and distribution by absolutely everyone.
Outspoken statements repeatedly became the cause of conflict, but also brought fame to Theo. After gaining recognition, de Raadt began speaking at conferences focusing on open source, free software, and Internet security.
De Raadt is known for his propaganda of free software drivers. For example, he spent a long time trying to convince wireless vendors to allow the free distribution of firmware samples of their products. Often these attempts were successful, for example, Taiwanese companies accepted de Raadt’s proposal, resulting in many new wireless drivers. But American companies have shown no desire to tailor their microprograms without license restrictions.
In April 2007, de Raadt argued with Linux over the use of GPL code from the Linux driver. Another conflict occurred in August of the same year, when a group of Linux developers tried to change the license of the dual license driver ath5k.
Following conflict was related to the POSSE project – a security initiative created in 2001 by OpenBSD, the University of Pennsylvania Distributed Systems Laboratory, etc. POSSE was intended to improve the security of open source projects, namely OpenSSL and Apache. It was funded by a grant from the US Defense Advanced Research Projects Agency (DARPA).
Annually to implement advanced security features used on government special purpose computers was allocated $2,125,000. In this way, the US government wanted to benefit from providing security features in affordable, standardized computers and software.
In 2003, de Raadt stated in an interview his disapproval of the US invasion of Iraq in April 2003. In particular, he said he was glad that the grant that POSSE is receiving means that not all of the funds are being spent on cruise missiles. At the time, Jonathan Smith, head of the POSSE project, said US military officials were unhappy with the comment. After some time, DARPA stopped funding the project.
After canceling the grant, the US Army faced criticism that the US was not allowing free speech. Still, the termination of the grant was not as strong a blow to the project as many expected. POSSE supporters rallied and helped themselves financially.
