Having been an OpenBSD user since OpenBSD 2.7 was released in 2006, I—until recently—administrated several OpenBSD deployments and wrote utilities for the operating system.
Excited about the imminent release of OpenBSD 5.1, I thought to ask OpenBSD owner Theo de Raadt some questions about upgrading from OpenBSD 4.9. I knew Theo was infamous for his short temper, so I made sure to pose my questions intelligently. I sent the email and went to bed.
Let me tell you, I was not prepared for Theo's response.
My mobile phone woke me around 3am. When I answered it, it was someone shouting. I thought maybe they were calling to someone across the room or something and didn't realize I had picked up, but when I tried to get the caller's attention he paused just to start shouting even more loudly.
After I slowly made the caller's accent out, I understood something something about emails and operating systems, and it dawned on me that the caller was none other than Theo de Raadt himself. I immediately regretted sharing my mobile number in the email that I had sent him.
Theo continued screaming and I tried to calm him down and ask what he wanted, but he just grew more furious. Between the volume of his voice and accent, I could barely make out what he was saying. I was so shocked and tired that I hung up, silenced my ringer, and fell back to sleep.
What the fuck?
When I woke up the next morning, I checked my OpenBSD box for a reply from Theo, only believing that he had called screaming at me in the middle of the night because of my phone history. Not only were there a half-dozen emails from him, but someone was remotely pasting web addresses to gory pictures into Konqueror.
After staring at the awful images on my screen for a couple of seconds, I yanked the ethernet cable out of my box and the pictures stopped. After I closed all of the Knoqueror windows, I got into my email.
This was the first email from Theo:
FROM: THEO DE RAADT <DERAADT@OPENBSD.ORG>
SUBJECT: RE: QUESTION ABOUT OPENBSD 5.1
DATE: MAY 1, 2012 00:05:12 CSTI IS IN YOU BOKS, YOU LITTLE KEEF! NOU YOU KNOW WAT SEKURITY IS YOU GEEN-PENIS BITCH!!!1!
And he was just warming up with that one. The next five emails, each sent about an hour apart, got nastier and nastier. Theo attacked me for questioning him about OpenBSD and told me that I could go fuck myself in various ways amidst all-caps profanity.
The latest one had been sent just a couple of minutes beforehand:
FROM: THEO DE RAADT <DERAADT@OPENBSD.ORG>
SUBJECT: RE: QUESTION ABOUT OPENBSD 5.1
DATE: MAY 1, 2012 06:41:19 CSTYOU FOKKEN IDIOOT!!! HOE DARE YOU SAY WAT I DO MET OPENBSD YOU GEEN-PENIS BITCH!!!1! NOU I'LL SHOW YOU PAIN MOTHERFOKKER!!!
Just then my phone started ringing, from an unknown number.
Judging by the spitting and high-pitched, angry yelping, it was Theo again. He may even have been crying, but I couldn't really tell. I started apologizing and asking him to calm down, but he pretty clearly wasn't listening. After a minute of this, he was screaming so loudly that his voice started to cut out and I hung up on him.
He called right back but I didn't answer. He kept calling for the next hour or so until my voicemailbox must have filled up, and then my phone was silent.
I called from my landline to get the voicemails. Afterward, I just sat in shock. In between a bunch of animalistic choking and snorting, he had said things that make the Aristocrats sound like a sunday sermon. How did I go from asking a simple question about upgrading OpenBSD to cyber-hacking and phone harassment?
Theo obviously had a good working knowledge of the backdoors in his operating system. Not daring to use the internet or my phone anymore, I hopped in my car and headed to my police department hoping that they took would take a report of cybercrime seriously.
They gave me a complaint form to fill out and took my statement. They also told me to keep copies of any new communications that Theo sent to me. They also said that the only way to truly avoid someone hacking my computer was to remain offline. Obviously, with an operating system as compromised as OpenBSD, this is the best idea.
For starters, I microwaved all of my OpenBSD install discs. “Only two remote holes in the default install, in a heck of a long time?” Yeah right.
I then invested in another platform and imaged my OpenBSD hard drive before shoving it in the back of my closet under a pile of old, dirty clothes and books. It's there in case the police ever want it for anything, but I'm never touching it again.
Meanwhile, I also got a new phone number (which I will not be sharing across the internet) and a new IP address after a long, awkward call to my ISP.
While doing all of that, I missed the final release of OpenBSD 5.1, which is what led to this whole debacle to begin with. Despite all the changes, I can't see it as anything but a giant pile of broken swiss cheese.
The upshot is this: if you're an OpenBSD user that has a question, don't ask Theo. He might flip out on you. Theo is addicted to anger and feels powerful by getting mad.
Likewise, if you're an OpenBSD user need security, quit using OpenBSD. Forget secret backdoors funded by the FBI, Theo himself keeps holes in OpenBSD so he can fuck with his users!
So much for OpenBSD security; so much for OpenBSD support. I learned my lesson the hard way, and that's why I quit OpenBSD.
