de Raadt is a remnant of the "real men" programming era. The upside of "real men" is that they write code, but then of course some Rust proponents write code too, and their code is in fact safer because to err is human.

There's an ACME (e.g. for Let's Encrypt) client included in OpenBSD which is exactly what you'd expect a real man ACME client to look like. It uses OpenBSD-only pledge() and similar features to do privilege separation, it has guards and checks throughout and so long as there aren't any missing (but there's no way to verify...) it's probably safe to use it - but it's written in C rather than a safer language.

There are some obvious security considerations you'd put in an ACME client, and somebody who thought OpenBSD was about security would probably expect them. But they are absent because it's not about security it's about being a real man. Examples: Using CSRs is safer as now the ACME client doesn't know your private keys, but acme-client doesn't provide any way to do that. Using the dns-01 challenge rather than http-01 or tls-alpn-01 allows you to do issuance from a system that isn't accessible from the outside world rather than having to open ports but acme-client only supports http-01 challenges.

I’m an OpenBSD developer (mostly a packager). IMO you’ve mischaracterized both Theo’s response and OpenBSD’s culture.

If OpenBSD has a culture, it’s not “real men,” but “show me the code.” That’s plain from the mail linked in the post you responded to: mailing lists are full of people making suggestions (like “rewrite OpenBSD in Rust”), but few people doing the necessary work (like implementing or testing a reasonably POSIX‐compatible userland, handling the 8+ architectures that would immediately have to be dropped, measuring the performance impacts on the project build clusters…).

Contrast the above response with the WireGuard implementation this whole discussion is about. A non‐OpenBSD contributor sent a draft patchset, which received suggestions and was iterated upon several times, and despite some complaints about the concept from one quarter (https://marc.info/?l=openbsd-cvs&m=159273877612032&w=2), it was committed by the very person who had those complaints! In the end Jason and Matt of WireGuard described the process as “extremely pleasant” (https://lists.zx2c4.com/pipermail/wireguard/2020-June/005588...). This is feedback I see often from external contributors.

You describe safety guards like privilege separation and pledge/unveil as “real men programming”, but they’re the complete opposite: they exist precisely to mitigate the damage that results from human error. acme-client’s design does keep private keys inaccessible this way (see https://kristaps.bsd.lv/acme-client/). Privilege separation is a proven technique. OpenBSD is not a project that says it’s okay to live dangerously as long as you code with the right macho attitude.

There are plenty of valid things in OpenBSD to complain about—it might even be valid to argue that our resistance to Rust disproportionately values architectural concerns over memory safety!—but don’t blame “real men programming.” That’s just false.

I am baffled as to why you attribute OpenBSD’s ACME client lacking DNS challenges to this same “real man” attitude rather than the simple reality that in a relatively small, completely volunteer project nobody has yet done the work to integrate that feature. If someone sent a patch to add dns-01 support—certainly something very useful that plenty of our users and developers want—I bet it would be committed within weeks.

I'm an OpenBSD developer and fully agree anjbe here.

OpenBSD is for REAL HUMANS. Not real "men". OpenBSD is build and designed for everyone. It is a system you can give to your 5 year old and as they learn how to use the computer they'll learn how to safely connect to the Internet. The base install literally comes with games targetting children, to help their Internet experience.

Your whole life you have been using non-free, non-functional, and insecure software.

I'm here for fun - if we want to keep as many pufferfish alive as possible until the heat death of the universe, for me it starts with installing OpenBSD. OpenBSD is nothing other than love for other humans, and we don't know if we can trust them.

Haha, imagine who got my Loongson Laptop with OpenBSD for playing around?

My little cousin 9 y/o ...he knows how to update the system and packages, he plays with it very often and started to type some python programs i send him..often he tweaks them..like changing the color of the square. He has so much fun when he can 'magically' change whats drawn on the screen. Thank you all for that great system

"show me the code" people need to understand the other side: I used to be one. In practice, it simply means advance payment, and advance payment scams should make it clear why people are worried about it.

Just as maintainers do, contributors do not want to waste their time. If people talk, without code, about say dns-01 preferrable to http-01, that is because they aren't sure sending a patch to add dns-01 support without discussion would be merged. As an OpenBSD developer, you have such visibility and I believe you, but it is often very unclear to outside contributors whether something will be merged if implemented.

Saying "show me the code" to such discussion in practice is interpreted as "I am not sure whether we want this or not, but if you do the implementation, it is your timee wasted, not mine". The reason is, if you interpret it as "show me the code and you will be welcome", your guess is often wrong. After a couple of such experiences myself, these days I never do advance code payment. Always discussion first.

What you’re saying is valid, but I’m not suggesting that “show me the code” comes with no downsides. Rather, I’m disputing the parent’s portrayal of OpenBSD’s development style as “real man programming.”

I’m not shy to say that if acme-client can be modified to not require access to private keys at all, that would be a welcome improvement.

But you described privilege separation as “real men programming,” and that’s off base.

I am (sincerely!) interested in what Let’s Encrypt clients you suggest that use http-01 and don’t require access to private keys.

I haven’t looked at the OpenBSD code but have built a system that uses a separate server to actually perform the certbot http challenge. The server needing the certificate just forwards the port 80 acme requests to the certbot server

CSRs were sufficient for that, at no point was it necessary to ship private keys. And this was using just the standard ubuntu certbot for the actual requests.

Interesting response.

Pretty backwards of Theo to snub Rust-lang like that. It's pretty much attempting to achieve the same ideals as some of OpenBSD's.

Eh, not really. OpenBSD is about simplicity more than anything else. It's no surprise that they don't want Rust, which is very complicated, into the OS. Also rustc is super complicated, and very slow.

For example, for a time OpenBSD was trying to switch to pcc, a super simple C compiler so they could get off gcc. They eventually went with clang instead, which is not simple, but presumably the cost of using an alternative to gcc or clang was too high.

It's not a snub of the language, it's a complaint about the compiler using all your memory. That's not an unreasonable complaint.

It was also written 3 or so years ago, so hopefully rust has improved.

I agree with your comment, but how often does a high memory program get better at memory usage over time? My intuition is that use of resources goes almost exclusively in one direction. Layers get added, less often removed. On the other hand the typical RAM amounts in common hardware gets higher too.

Firefox did, while they did MemShrink project: https://wiki.mozilla.org/Performance/MemShrink. I note that Rust is in part developed by the same organization that brought a successful MemShrink project, so you should be more hopeful.

Nice. On the other hand, I feel like people will tolerate high memory usage in a compiler much more than they will in a browser. Memory usage in general is very different between the two - in a compiler it will perform many allocations and discard quickly, whereas the pain in a browser is more likely sustained memory usage from long-running instances.

Note that he did not snub the language but its toolchain.

I think they already have enough trouble with Rust in the ports tree that they don't want the same thing in base.

OpenBSD has to be able to build itself on fairly lean hardware, it's a design goal for the project. Rust has been in ports and packages forever if you want to install it.