I was interviewed about contributing to FLOSS. Some of the questions were really personal and I’m grateful to have the opportunity to shine some light on my life. Below is the interview in raw format.
I’m the cofounder of the HardenedBSD project and president of the HardenedBSD Foundation, a 501(c)(3) tax-exempt charitable organization in the USA. I’m also a member of the OPNsense Core Team, helping them improve their security through the adoption of HardenedBSD’s robust, scalable security enhancements and technologies. I sit on SoldierX’s High Council, in charge of our defensive and offensive security research team.
In addition to contributing to HardenedBSD and OPNsense, I work on libhijack and FreeBSD rootkits for SoldierX. There’s a lot of fun offensive research happening with libhijack. My next major goal is to write a remote RTLD (RTLD is short for “runtime dynamic linker”).
I’m 33 now. I started offensive research when I was 13. Back in the days of dialup, there were free dial-up internet services, like NetZero and Juno. In order to use their free service, you had to connect via their adware dial-in software. Being on a 33.6kbit/s connection, those ads took up a lot of precious bandwidth. I learned the very basics of reverse engineering and reversed the dial-in adware. I figured out how it was talking to the modem and how it authenticated with the service. I then wrote a Windows batch script to automate the process. We only had one telephone line. I disabled call waiting. My parents hated me. ;)
My love for tinkering with software continued. When I turned 19, I left the infosec scene (back then, just called the “hacking scene”) for two years to serve a religious mission. When I got back, I focused on defensive work.
I got involved with open source mostly by reading existing code then writing my own open source offensive tools. That led me naturally to want to write defensive measures in the operating system. I fell in love with FreeBSD in around 2000. I served my mission in 2005-2007. I started work on implementing defensive measures for FreeBSD in 2013, through the HardenedBSD project, which I cofounded with Oliver Pinter at that time. The project became a public project in 2014. In April
I created a tool similar to libhijack, but for private use, prior to leaving on my mission. After coming back, I resumed work on it by rewriting it and eventually porting it to FreeBSD. I later removed Linux support for it, and ported it to arm64. So libhijack supports FreeBSD/amd64 and FreeBSD/arm64. I donated the libhijack project to SoldierX and became a member on their High Council.
The work with OPNsense came about because I wanted to run pfSense based on HardenedBSD, not based on FreeBSD. However, pfSense ultimately rejected my offer to help them adopt HardenedBSD while OPNsense accepted the same offer. As of January 2019, OPNsense is now fully based on HardenedBSD!
I have a really patient and supporting wife! ;)
Working to both maintain and improve HardenedBSD is a full-time job. I put in a minimum of forty hours per week on HardenedBSD, with most of that time being on the weekends. None of my work in open source is done on company time, so all of my contributions are in spare time.
I also have medical issues, chronic migraines and depression. I cherish those times when I feel good and can contribute in meaningful ways.
My brain hates it if I get less than ten hours of sleep per night due to how hard I work it during the day. However, I usually get around 6-7 hours per night.
As children, we hate naps. As adults, we can’t get enough of them. ;)
I don’t have a good balance. That is something I need to work on. There are times when I feel burnt out, but then I remember why I do this work in the first place. It’s for a few reasons:
There’s many ways to contribute. Contributing doesn’t necessarily mean development. Here’s a few ways to contribute to a project:
I think I answered this question above. Whoops! Essentially, contributing to open source is my way of giving back to those who taught me so much and a way of saying thank you. As a side effect, my contributions help fill gaps.
I still face obstacles. I take the attitude that “I’m a newb.” There’s always something more to learn. There’s always something about which I have an incorrect assumption. There’s always something of which I’m ignorant.
I try to overcome challenges by learning about them. I may fail occasionally, and that’s fine. Eventual success sometimes comes with failure. As MythBusters’ Adam Savage says, I only want to work with those who have failed in some way, and aren’t afraid to admit the failure and learn and grow from it. It’s through that learning process that we not only gain success, but also learn what was originally needed for that success.
Let’s learn and grow together. Let’s uplift our community and make tomorrow a better place for everyone around us, and potentially people we don’t know and never will. That’s the fun thing about open source: our contributions could help people in ways we don’t understand.