Building Firewalls With OpenBSD And PF, 2nd Edition (2003)
.pdfAppendix D
Helping OpenBSD and PF
Although OpenBSD and pf are free software, the world around us is a place where most things need to be paid for. Just like everyone else, developers working on OpenBSD and pf must pay for their food, hardware, electricity, Internet access, and many other goods and services they use in everyday life. They are people like you and me, and like all of us they will continue working on their projects for as long as long as they feel an incentive to do so. And there is really no better incentive than a Œstful of green ones. What these guys need is Œnancial security and a steady •ow of cash, because the human mind works best when it does not have to think of earning money to keep itself alive and warm. So, by helping the OpenBSD project, you are helping developers focus on improving the quality of their code instead of chasing jobs and worrying about paying bills. This is good for all users of OpenBSD.
If you are still not convinced that paying developers of free software is something you should do, think about it in a slightly different way. A more selŒsh way. When you pay these bright people you are, in a way, securing your own future, because by giving them money you are making sure they will keep on improving the tools you get for free. The long term effects of your donations will be better tools for you, and better tools translate into serious saving and increases in revenue to your business. The good news is that you do not need to donate outrageously large amounts of money and you can do it online, with a credit card or from your PayPal account.
D.1 Buy OfŒcial CD-ROMs, T-Shirts, and Posters
There are several ways you can donate money to the OpenBSD project. One of the most popular ways to do it are purchases of the ofŒcial OpenBSD CD-ROM sets published twice a year at the time of release of each new version of the OpenBSD operating system, in May and October (of course, there is nothing wrong with purchases made at other times). Apart from the ofŒcial CD-ROM sets, the OpenBSD project sells t-shirts and
298 |
Appendix D: Helping OpenBSD and PF |
|
|
other collectible items that help fund it. To make a purchase, visit the Ordering page, where you will be able to place your order online, or Œnd addresses of your ofŒcial local distributors:
http://www.openbsd.org/orders.html |
(the ofŒcial OpenBSD online store) |
|
http://www.kd85.com |
(kd85.com, the ofŒcial European distributor) |
|
Beware of freeloaders who will sell you OpenBSD on
CD-ROM for very low prices. They sell what everyone can download for free from ftp.openbsd.org and do not donate any money to the project. This hurts the whole
OpenBSD ecosystem and takes money away from the developers.
A purchase of the ofŒcial OpenBSD CD-ROM set can help you in dealings with tax authorities and software auditors. They always ask for invoices and licenses, which you can provide, if you buy OpenBSD directly from the OpenBSD project or its ofŒcial distributors.
D.2 Make Small, but Regular Donations
If you cannot afford the ofŒcial CD-ROM set, then by all means download the latest release for free, but remember to make a donation to the project. You can do it online with a credit card or via PayPal, the instructions are on the Donations page:
http://www.openbsd.org/donations.html |
(OpenBSD Donations) |
A particularly cost-effective way of helping the project without you budget even noticing it is making small, but regular contributions. Let's do some simple math. Suppose you make a monthly donation of $5. It is not a particularly huge amount of money, but if you multiply it by the number of months in a year, it translates into $60Šstill not a huge pile of cash. However, if only 1,000 people make such small, but regular contributions, the project will suddenly have an additional $60,000 to distribute to developers. Of course, you can choose to contribute more, as long as you can afford it. Remember that the point here is not to spend your life's savings, but to choose an amount that you will be able to contribute regularly without even noticing.
Section D.3: Hire Developers of OpenBSD and PF |
299 |
|
|
An added bonus of making donations to the OpenBSD project is the fact that, apart from funding the development of your favorite software, you can also make yourself famous. After you make a donation, your name goes on the list on the Donations page and the whole world knows that you are one of the good guys who support OpenBSD. If good karma is not enough, you can add a link to your page and get free advertising. Of course, if you prefer to remain anonymous, that can be arranged too.
If you would like to send a check or arrange other forms of funding, you should get in touch with Theo de Raadt (the leader of the OpenBSD project). You will Œnd the necessary details on the Project Goals page:
http://www.openbsd.org/goals.html |
(OpenBSD Project Goals) |
The donations you make to the OpenBSD project may not be tax deductible, but they could be written off as business costs. When in doubt, consult you accountant or tax advisor.
D.3 Hire Developers of OpenBSD and PF
If you are looking for people with deep knowledge of Unix, OpenBSD, SSH, pf, or network security, consider hiring developers of OpenBSD, OpenSSH, or pf. These people have a very intimate knowledge of the system and the Open Source software tools, and they may save you a lot of time and money. The developers of OpenBSD and pf are scattered around the world, and they may be living near you, or willing to relocate. Some of them may be willing to telecommute, if traveling or relocation are not possible.
How do you Œnd them? There are several ways, depending on how open you want to be about it. The most obvious way is to check the CVS repository of the OpenBSD project and see who's working on which part of the system. Or, you could join the misc or tech mailing lists. To join, visit the
Mailing lists page:
http://www.openbsd.org/mail.html
300 |
Appendix D: Helping OpenBSD and PF |
|
|
Note that not all people who post to misc are OpenBSD developers, but you will be able to Œnd pointers to the right people, if you ask. The tech mailing list is reserved for technical discussion, which means that the signal-to-noise ratio is higher and it is easier to Œnd the people you are looking for there. Should you prefer to keep a low proŒle, you can always write to Theo de Raadt to direct you to the right person. His address can be found on the Project Goals page:
http://www.openbsd.org/goals.html |
(OpenBSD Project Goals) |
If you prefer to go straight to the people you want to reach, you can always Œnd them on the Web. For example, Daniel Hartmeier's site would be the best place to look for information about getting in touch with him:
http://www.benzedrine.cx |
(Daniel Hartmeier, developer of pf) |
Links to other developers' and consultants' sites can be found at dmoz.org:
http://dmoz.org/Computers/Software/Operating_Systems/Unix/BSD/
+ OpenBSD/Personalities/
Others can be found with Google, simply search for: openbsd developer
http://www.google.com |
(Google) |
D.4 Donate Hardware
Another way to help the OpenBSD project is through donations or leases of hardware. The beneŒts are obviousŠthe more silicon to test OpenBSD on, the better. However, before you send your old server farm north to Canada, check what the project needs Œrst. The list of current hardware requests is published on the Hardware wanted page:
http://www.openbsd.org/want.html |
(OpenBSD Hardware Wanted) |
D.5 Spare Some of Your Precious Time
If you are an able C programmer, you can help by pitching in and giving a hand with maintenance of existing code or by contributing your own code.
Section D.6: Spread the Word |
301 |
|
|
Remember though that this is a long-term commitment and requires regular participation in the core development activities.
D.6 Spread the Word
Yet another way to help OpenBSD is by spreading the word about it. As long as you don't do it like a zealot, you will Œnd plenty of ears willing to hear the gospel. Be polite, patient, and open to questions. Learn to accept criticism. Remember that you only have one chance to make a good Œrst impression and whatever memories you leave in the minds of the people you speak to will likely be generalized and applied to the OpenBSD community as a whole.
If you want to have something to give away at user meetings, to your friends, or to your clients, print this appendix and and pass it on to your friends and clients. To help you preserve your copy of this book, the whole appendix is available in PDF format at:
http://www.devguide.net/books/openbsdfw-02-ed/
Feel free to link to this document from your sites or pages. The more people learn how to help the OpenBSD project, the better.
D.7 Attend Training Seminars
The author of this book organizes pf training seminars in Europe. If you are interested in attending or would like him to do a training session in your ofŒces, write to jacek@devguide.net.
A percentage of the income derived from these seminars goes straight to the OpenBSD project.
D.8 Encourage People to Buy this Book
You may not know it, but you already helped the OpenBSD project when you bought this book. The author donates at least 1 USD to the project from the sale of every copy of this book. If you like this book, recommend it to your friends.
302 |
Appendix D: Helping OpenBSD and PF |
|
|
This and other OpenBSD books written by Jacek Artymiak are available from devGuide.net and the following distributors and bookstores:
http://www.devguide.net |
|
(devGuide.net) |
http://www.openbsd.org/orders.html |
(the ofŒcial OpenBSD online store) |
|
http://www.kd85.com |
(kd85.com, the ofŒcial European distributor) |
|
http://www.lehmanns.de |
|
(Lehmanns Fachbuchhandlung GmbH) |
http://www.lmz.at |
(Lehrmittelzentrum Technik GmbH-LMZ) |
|
Bibliography
The RFC documents mentioned in this book are not listed here to save space. They are available at the RFC-Editor webpage:
http://www.rfc-editor.org
CERT Vulnerability notes and Advisories are available at:
http://www.cert.org
Artymiak 2003.
Jacek Artymiak. The OpenBSD Gazetteer. Lublin: devGuide.net, 2003.
Cheswick, Bellovin, Rubin 2003.
William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. Firewalls and Internet Security. Boston: Addison-Wesley, 2003.
Dooley 2002.
Kevin Dooley. Designing Large-Scale LANs. Sebastopol: O'Reilly &
Associates, 2002.
Farrow 2003.
Rik Farrow. Sequence Number Attacks. Downloaded from: http://www.networkcomputing.com/unixworld/security/001.txt.html, 2003.
Frisch 2002.
Æleen Frisch. Essential System Administration. Sebastopol: O'Reilly
& Associates, 2002.
Gast 2002.
Matthew Gast. 802.11 Wireless Networks: The DeŒnitive Guide. Sebastopol: O'Reilly & Associates, 2002.
304 |
Bibliography |
|
|
Handley, Paxson 2001.
Mark Handley, Vern Paxson, and Christian Kreibich. Network Intrusion
Detection: Evasion, TrafŒc Normalization, and End-to-End Protocol
Semantics. Downloaded from: http://www.icir.org/vern/papers/norm-usenix-sec-01-html/, 2001.
Lamb, Robbins 1998.
Linda Lamb and Arnold Robbins. Learning the vi Editor. Sebastopol: O'Reilly & Associates, 1998.
Limoncelli, Hogan 2002.
Thomas A. Limoncelli and Christine Hogan 2002. The Practice of
System and Network Administration. Boston: Addison-Wesley, 2002.
Malan, Watson, Jahanian, Howell 2000.
G. Robert Malan, David Watson, Farnam Jahanian and Paul Howell.
Transport and Application Protocol Scrubbing. Tel Aviv: IEEE Infocom, 2002. Downloaded from: http://www.ieee-infocom.org/2000/papers/340.ps
Potter, Fleck 2002.
Bruce Potter and Bob Fleck. 802.11 Security. Sebastopol: O'Reilly &
Associates, 2002.
Rosenthal 2003.
Morris Rosenthal. Computer Repair with Diagnostic Flowcharts. 2003
Wessels 2001.
Duane Wessels. Web Caching. Sebastopol: O'Reilly & Associates, 2001.
Wright, Stevens 1994.
Gary R. Wright and W. Richard Stevens. TCP/IP Illustrated, Volume 2: The Implementation. Boston: Addison-Wesley, 1994.
Spurgeon 2000.
Charles E. Spurgeon. Ethernet: The DeŒnitive Guide. Sebastopol:
O'Reilly & Associates, 2000.
Bibliography |
305 |
|
|
Stevens 1994.
W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols.
Boston: Addison-Wesley, 1994.
Stevens 1994a.
W. Richard Stevens. TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX® Domain Protocols. Boston: Addison-Wesley, 1994.
Vesperman 2003.
Jennifer Vesperman 2003. Essential CVS. Sebastopol: O'Reilly & Associates, 2003.
Yuan, Strayer 2001.
Ruixi Yuan and W. Timothy Strayer. Virtual Private Networks: technologies and solutions. Boston: Addison-Wesley, 2001.
Zwicky, Cooper, Chapman 2000.
Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman. Building Internet Firewalls. Sebastopol: O'Reilly & Associates, 2000.
306