Theo de Raadt: "You've been smoking something mind altering" (2007)
Theo de Raadt's infamous 2007 email vehemently dismissed x86 virtualization as a security risk, calling proponents 'deluded' and 'stupid'. This decades-old, blunt take sparks a lively HN debate revisiting his prescience (or lack thereof) and the contentious personalities in open-source development. Commenters dissect whether his strong opinions, often seen as provocative, held true in the long run given the evolution of virtualization technology.
The Lowdown
In a fiery 2007 email to the OpenBSD-misc mailing list, Theo de Raadt, the founder of OpenBSD, launched a scathing attack on the perceived security benefits of x86 virtualization. His message was a direct and unapologetic response to a query suggesting virtualization could enhance security.
- De Raadt dismissed the idea that x86 virtualization offered security benefits, instead labeling it as a dangerous addition.
- He argued that virtualization layers effectively introduced a 'nearly full kernel, full of new bugs' atop an already 'nasty x86 architecture,' creating a new 'pile of shit' for operating systems to run on.
- He asserted that it was 'absolutely deluded, if not stupid,' to believe that the same software engineers who consistently produce insecure operating systems and applications could suddenly build secure virtualization layers.
- De Raadt concluded that the appeal of x86 virtualization was superficial, likening it to buying something based purely on 'pretty colours' without understanding its inherent flaws.
This brief but potent email captured De Raadt's characteristic bluntness and skepticism towards complex, unproven technologies, especially when security claims were involved.
The Gossip
Vexing Virtualization Verdicts
The central debate revolves around whether Theo de Raadt's 2007 assessment of virtualization security was accurate or a 'dumber take.' Many argue that modern hypervisors (like KVM) represent a significant attack surface reduction compared to full OS kernels, with empirical data showing rare escapes. However, others point to contemporary research from the time, including a paper demonstrating widespread exploitable flaws in VMs, suggesting De Raadt's skepticism was well-founded given the technology's state back then. The discussion highlights the evolution of virtualization security over nearly two decades.
Blunt Bigwigs Battle
Commenters discuss Theo de Raadt's notoriously abrasive communication style, often comparing him to Linus Torvalds. Some celebrate this bluntness, viewing it as a necessary trait for maintaining high standards and cutting through nonsense, even suggesting that Torvalds' 'apology tour' was a negative development. Conversely, others argue that such 'asshole' behavior, while potentially born from intelligence, ultimately harms open-source projects by scaring away competent but thin-skinned contributors who don't wish to be publicly humiliated.
BSD's Branching Backstory
A tangent explores the historical context of BSD's development and its relationship with Linux. Comments touch upon the BSD lawsuit's impact, which some believe diverted developers to Linux and hampered BSD's growth, despite its eventual legal clearance. The discussion also notes OpenBSD's eventual development of its own virtualization subsystems (vmm/vmd), contrasting this with De Raadt's earlier pronouncement and raising questions about architectural choices and the 'license war' between BSD and GPL projects.