Theo de Raadt gets 2004 FSF Award

Caligari writes "Richard Stallman, presents this year's award to Theo de Raadt. "For recognition as founder and project leader of the OpenBSD and OpenSSH projects. Theo de Raadt's work has also led to significant contributions to GNU/Linux and other BSD distributions. Of particular note is Theo's work on OpenSSH. Theo's leadership of OpenBSD, his selfless commitment to Free Software and his advancement of network security, were cited by this year's award committee.""

Re:GNU/Linux and other BSD distributions?

"leader of the OpenBSD and OpenSSH projects. Theo de Raadt's work has also led to significant contributions to GNU/Linux and other BSD distributions"

notice the word "ALSO"? So his work has ALSO contributed to GNU/Linux and other BSD distributions BESIDES the BSD distribution OpenBSD.

try to read next time!

BSD and FSF?

[diegocgteleline.es]

FSF people giving an award to a BSD guy? Delete this new, it's not 1st April tooday!

Re:BSD and FSF?

[whitespacedout]

That's pretty cool of Stallman really. Showing respect and recognition to the importance of BSD, despite their mutual differences in ideology about what constitutes truly free software.

Re:BSD and FSF?

[jbolden]

They've done this quite a bit in the past in terms of licenses:
(The following uses GPL for LGPL... and BSD for BSD, X...)

2004 Theo de Raadt (BSD)
2003 Alan Cox (GPL license)
2002 Lawrence Lessig (ALL)
2001 Guido van Rossum (Python license / BSDish license)
2000 Brian Paul (X license/BSDish )
1999 Miguel de Icaza (LGPL/GPLish)
1998 Larry Wall (Artistic/ closer to BSD than GPL but...)

Re:BSD and FSF?

[fsmunoz]

Actually the differences in ideology between the GNU and BSD developers are more in the outlook and means than any other thing. Free software is free software for both camps, and most sane people in both sides shares a common idea of what free software is. The licences, that are generally the main difference between the two, try to achieve an end using different approaches, but all in all both GNU and BSD people are great contributors to a common free software community. The noise many times created is more on the "newly convert" section of each side :).

It's IMHO rather silly to watch the flame wars between the GNU/Linux and *BSD sides when there is so much more that unites us than what divides us. This award make perfect sense. In the end a gnu, a penguin and a daemon can sometimes be noisy neighbourghs, but in the end they stick together to defend their building. Shitty alegory, I know, eh.

cheers,

fsmunoz

Re:BSD and FSF?

[Cylix]

This reads like an open source hit list.

Re:BSD and FSF?

[Bastian]

In the end a gnu, a penguin and a daemon can sometimes be noisy neighbourghs, but in the end they stick together to defend their building.

They may be friends, but that doesn't change the fact that nobody has a &@$% clue how to pronounce 'gnu'.

Re:BSD and FSF?

[blixel]

They may be friends, but that doesn't change the fact that nobody has a &@$% clue how to pronounce 'gnu'.

(GNU is a recursive acronym for "GNU's Not UNIX"; it is pronounced "guh-noo.")

Re:BSD and FSF?

[whitespacedout]

Most sane people in both sides shares a common idea of what free software is.

Tsk. Most sane people don't actually know the difference. I think the difference is important enough to worry about.

The freedom of BSD has the danger of making you a prisoner of its distributed derivatives. GPL guarantees your freedom on distributed derivatives. That's why MS likes and uses BSD - because it can be used to lock you in - but fears the GPL - GPL code belongs to you for the asking. That is also why GPL will eventually out-evolve all other software.

Re:BSD and FSF?

[Bastian]

You pronounce the G? Then what's this "New Linux" I keep hearing about all the time?

Re:BSD and FSF?

[byolinux]

You pronounce the slash too. GNU Linux suggests that the FSF wrote Linux :)

Re:BSD and FSF?

[Bastian]

But guh-noo-slash-lih-nucks makes it sound like there's some new FSF distribution called Slash Linux!

Re:BSD and FSF?

[0racle]

If you choose to distribute BSD licensed code, your stuff doesn't become less free because you chose to allow those distribution terms. You are only a 'prisoner,' as you said, of your own right to choose how to distribute some code. The GPL has numerous restrictions placed upon how you can use GPL software that the BSD license doesn't, therefore it grants far more freedom to everyone. The GPL is not a magic bullet and is not suitable for all situations, and simply having a 500 page license behind your software does not make it any better then anything else or guarantee that it will 'out evolve' anything else.

BTW, care to explain how MS locks me in by using BSD code that I can go and pick up just about anywhere else.

Re:BSD and FSF?

[Dwonis]

guh-noo-over-lih-nucks or guh-noo-on-lih-nucks or deb-ee-en works quite well. ;-)

Re:BSD and FSF?

[whitespacedout]

0racle said:
BTW, care to explain how MS locks me in by using BSD code that I can go and pick up just about anywhere else.

That's more or less illustrating the point that you and most sane people don't really understand the difference between the freedoms of BSD and GPL

To answer your question though, here is an example:

In the mid 90s When it was time to put in a network layer into MS windows, MS decided to take some BSD code. They then took standard protocols like Kerberos, DNS, DHCP etc and tweaked them to work MS style so that people would be locked in to using the MS versions only. It was an intentional interoperability problem to make things work MS-to-MS but not MS-to-nonMS. It was part of the MS policy of embrace extend and extinguish, a policy that is elaborated in their leaked "halloween" document.

You can't get hold of the propietary, extended code for windows networking to fix the operatability problem without NDA etc. You can only guess the BSD code up to the moment of forking. After the fork point, the code has been tweaked and closed and used to build a system that tries to lock you in forever after. That's the kind of danger the GPL protects you against.

The restriction of GPL protects the coders in the long run.
The freedom of BSD can restrict the coders in the long run.

Re:BSD and FSF?

[jbolden]

This version of history is totally false. Where are you getting this?

1) All the major GPLed projects from 15 years ago are more succesful today than they were then (with the exception of EMACS)I I can't think of any major GPL projects which have then languish when contrasted with similar BSD projects.

2) X11 is the classic counter example to corporate contributions. The entire reason the XFree86 project started was that the open source version of X11 was
a) unworkable on any platform
b) Didn't meet the specs in use by the commercial version of X

3) FreeBSD was also a fad during the 90's. The reason that major corporations came on board with Linux was quite explicitly the GPL. SGI did not want a version of XFS better than what they had being sold, they were willing to create XFS for Linux but not to allow others to improve it without giving those improvements back to SGI. Similarly with GCC, KHTML....

4) It is most certainly the case that BSD licenses have proven to be better at creating open standards that commercial software follow (your example of BSD sockets).

Re:BSD and FSF?

[kirkjobsluder]

You can't get hold of the propietary, extended code for windows networking to fix the operatability problem without NDA etc. You can only guess the BSD code up to the moment of forking. After the fork point, the code has been tweaked and closed and used to build a system that tries to lock you in forever after. That's the kind of danger the GPL protects you against.

Not really. The existence of a BSD reference standard for Kerberos may have made such a fork easier to produce, but the GPL does not prevent a company from adding incompatible extensions to a protocol. A company can always start with their own clean-room implementation. Blaiming the extension of Kerberos protocol onto the license of one existing implementation rather than the predatory actions of a company that has also sought to "embrace and extend," HTML, SMTP, and SQL seems a bit odd.

Secondly, I would argue that if you look at the history of Kerberos, that the MIT license did much more good than harm. The GPL was only recently released when Kerberos was developed, and the LGPL, probably a more appropriate license did not exist. At the time, there were thousands of people using plain-text passwords transmitted over insecure networks. The MIT license permitted incorporation of Kerberos code into Solaris, AIX, and HPUX (GNU/Linux did not exist either), and clients for Macintosh and Windows. Given the need to rapidly standardize on a secure login protocol, releasing under the MIT license rather than a more restrictive license was a good choice.

Re:BSD and FSF?

[Ded+Bob]

You can't get hold of the propietary, extended code for windows networking to fix the operatability problem without NDA etc. You can only guess the BSD code up to the moment of forking. After the fork point, the code has been tweaked and closed and used to build a system that tries to lock you in forever after. That's the kind of danger the GPL protects you against.

If Microsoft does not use the code, they invent their own protocol. When Microsoft uses BSD code as a basis, they are at least easier to guess or work around. How long has it taken the people working on Samba to under all of the SMB protocol? Many years at least. Even Stallman has said the BSD license is good for standards.

BTW, the network stack in Windows has not been based on the BSD code for years.

The restriction of GPL protects the coders in the long run.

Protects coders from what? For example, when Microsoft embraces and extends a protocol (i.e., Kerberos, DNS, DHCP), they have no need for the source. They break the protocol. The GPL nor any other open source license would have power against that. You would need a patent (yuck).

The freedom of BSD can restrict the coders in the long run.

This is never true. I never need to use a proprietary vesion of open source. Which version of Kerberos do you use? With BSD-licensed code, I have very few restrictions placed upon me as a coder. Fewer than using GPL-licensed code.

Re:BSD and FSF?

[whitespacedout]

Not really. The existence of a BSD reference standard for Kerberos may have made such a fork easier to produce, but the GPL does not prevent a company from adding incompatible extensions to a protocol

Oh, a company is free to do that. But with GPLed code, fixing an incompatible extension is really easy. Fixing a closed, tweaked former BSD code is a nightmare. With GPLed code, the moment a company with said GPL code tries to add incompatible extensions to a protocol, it is made compatible again by others. If the company code goes completely daft, the code can always fork away from the daftness. Ie, a company can not succeed in trapping people in a lock-in with GPL.

Given the need to rapidly standardize on a secure login protocol, releasing under the MIT license rather than a more restrictive license was a good choice. Absolutely. That kind of licence had a value when GPL was not around. In that sense BSD and Theo certainly deserve their recognition and respect.

Re:BSD and FSF?

1) Most software projects that still exist are more successful than they were 15 years ago. An obvious example of a liberally-licensed project with GPL-licensed competitors is Apache. Apache has been so successful that GPL-licensed web servers are virtually ignored/forgotten. Vim is also licensed fairly liberally, and is far more popular than any of the GPL-licensed vi clones have ever been. There are numerous other examples.

2) That isn't a counter example at all. Without corporate backing, there would have been no open X code from which to build XFree86 or the X.org implementations of X. The same thing could be said of Mach, which in most cases required a lot of effort to make usable, but was nevertheless available to everyone because of a liberal licence.

3) FreeBSD was never a fad: mention of it outside of the technical media was virtually nil, where as nearly everyone with a computer heard of Linux (and most non-technical people I've spoken with think it's much better than it actually is). One reason companies like SGI and IBM donated code to Linux is the GPL, yes, because it prevents their competitors using that code, so is seen as a modest loss. However, the corporate backing that really mattered was when major firms decided to use Linux (and nothing would have stopped SGI, for example, contributing XFS to FreeBSD with a restrictive licence anyway). Linux achieved critical mass because of hype (during the 1990s, it was generally inferior to FreeBSD, for example, from a technical perspective), and it now benefits from the same sort of network effect as Windows, but on a much smaller scale. The licence really had nothing to do with that success.

Despite its popularity, Linux still isn't generally profitable, owing to the decision to licence it under the GPL. That's why, for example, SuSE had to get funding through acquisition by Novell. In the long run, hardware companies may be able to make money from it, if they're able to use it to remove the value of independent OS vendors (hence the interest of IBM, SGI, et al.), but it's unlikely that developing GPL'd software itself will ever be a viable business.

4) Yes, and open standards are, in general, what make open source software useful. If everything had to be reverse-engineered the way the Samba team have reverse-engineered SMB, progress would have been much slower. This is probably what would have happened if the reference implementations of the major Internet standards had been licensed under the GPL.

Re:BSD and FSF?

[0racle]

Yes it is a problem that I have to have one network and one internet for my Windows machines and another for my Unix boxes. Oh wait, thats right, they both use the TCP/IP standard. Well, at least your right that I can't have my linux box auth against the AD using kerberos or LDAP. Holy shit it worked, must be those standards again. At least you were right that I can't use an MS DNS or DHCP server to serve Linux clients, or use Bind for the DNS operations of the Active Directory. Nope, hm wrong again. So again, MS using standards and BSD software locks me in how? Exactly what interoperability problems were you referring to?

You can't get hold of the propietary, extended code for windows networking to fix the operatability problem without NDA etc. You can only guess the BSD code up to the moment of forking. After the fork point, the code has been tweaked and closed and used to build a system that tries to lock you in forever after. That's the kind of danger the GPL protects you against.

This is not a danger, this is explicitly allowed under the BSD license. The only danger is people that release BSD software without knowing what that entails. As others have said far better then I can, the GPL is about control. It has been created by people that have a very specific vision about how things should be and the GPL enforces that. For some people that do not subscribe to the same altered view of the word freedom, the GPL is restrictive. The BSD license is for people that simply want to write code and have it used. Both have their place, but to say the GPL is more free is a joke, and that the BSD somehow locks in people that CHOSE to use it, and remember once free software was about choice, is retarded. If you are going to whine that some company is using your BSD licensed code, you have no one to blame except yourself, you chose to distribute under those terms.

Re:BSD and FSF?

[jbolden]

1) I don't think its reasonable to cite either vim or apache as an example. In both cases you had a BSDish project which was succesful and then GPL projects which tried to appeal to niche markets. That is only likely to be succesful if Apache or Vim were to fall down. Incidentally Brian did change the license on vim so that is was GPL compatable.

2) XFree came from the MIT code which wasn't corporate. Where is this corporate code?

3) othing would have stopped SGI, for example, contributing XFS to FreeBSD with a restrictive licence anyway

Sure this is. The BSD don't allow GPLed code in the kernel.

during the 1990s, it was generally inferior to FreeBSD, for example, from a technical perspective

I was a heavy Unix user all during the 1990s with Linux starting from '96. I had tried the BSDs around '93 and there were terrible as constrasted with SunOS/Solaris and AIX (which is what I had been using). By '96 the BSDs might have been better but...
a) They were really difficult to install
b) The distributions were limited
c) The hardware support was already far worse than Linux's.

If "from a technical perspective" you mean the design was better, the documentation was more organized or the kernel had a few extra features then yes the BSDs were better than Linux. But for a desktop Unix on x86 hardware for a Unix applications user (which is the niche that linux was in during the mid 90s) there is no question that Linux was far, far better.

As for developing GPLed software being a viable business. I'm not so sure. Consider the case of QT, MySQL or RedHat. In the case of MySQL the restrictiveness of the GPL forces people who enhance MySQL based applications to buy the commercial license. Similarly QT is able to maintain excellent open source applications but commercial software companies pay full price. As for RedHat services + convience seem to have worked very well.

Re:BSD and FSF?

[808140]

If you think about it, one of the primary differences between the GPL and BSD is whose freedom the license intends to protect. It's a subtle thing, but true nonetheless.

The BSD license intends to protect the freedom of the programmer, whereas the GPL intends to protect the freedom of the program.

The GPL is not concerned about developer's rights, unless the developer's core values vis-a-vis the freedom of the program closely follow the ideology of the GPL. For example, I (as a Free Software advocate) feel that the GPL protects my rights, but that's mainly because I don't consider the right to close a program to be one that is socially beneficial, rather the way I don't consider, say, theft to be socially beneficial.

The BSD license, on the other hand, ensures that the person who has the program may do whatever they want with it, including relicense it under virtually any license they feel like. So in this case, the developer's rights to do what he wants are protected, at the expense of the rights of the program.

It may seem strange to think of a program, essentially a piece of mathematics that is by nature abstract, as being an entity deserving rights, but if you actually read RMS you'll realize that's very much how he views the world.

So it really isn't a matter of one being more free than the other, in my personal opinion -- rather, it's a matter of whose freedom we are protecting. If you are concerned about the program being Free, BSD is a poor choice for a license, because there's a good chance large portions of the program will be co-opted (enslaved, if you will, in keeping with the "freedom" analogy) into a derivative work that is not itself free. The GPL will ensure that the program (and all its derivatives) will ever be free, but you as the developer must accept certain restrictions in order to ensure that freedom.

For what it's worth, I don't think either view is necessarily wrong, but they have different goals -- and therefore different means when it comes to reaching those goals.

If you value the freedom of an individual, BSD is very much for you. Very libertarian in nature. If you value freedom for the program, which essentially translates to guaranteed freedom for the community, then the GPL is for you (which is perhaps a much more socialist view). I generally fall into the latter category, but it hasn't stopped me from extensively using BSD (OBSD in particular).

Re:BSD and FSF?

[jbolden]

When Gnome was founded and Miguel was active QT had a "free for non commercial use" license. More importantly KDE had a license which was self contradictory. I quote Miquel source of quote

Q - What about the new Qt license?

A - "I'm very happy that they decided to GPL it," said Miguel, who is also on the board of the FSF. "It can only be considered a win for free software. So all in all, it's a big thing.

Re:BSD and FSF?

[whitespacedout]

Yes, protocol and implementation are different animals. But the point is really that MS-Kerberos being based on BSD code allows lock-in. GPL avoids that pitfall.

Re:BSD and FSF?

[whitespacedout]

When Microsoft uses BSD code as a basis, they are at least easier to guess or work around.

Sure, that's nice (though not exactly intentional). But the code licence also helps them embrace, extend, extinguish - a policy MS pretty much documented in the leaked Halloween memo. EEE is bad for everyone other than MS. GPL protects against EEE, which is good for everyone - including MS, if they had based themselves on GPL to start with (which they haven't, so BSD is better for them).

How long has it taken the people working on Samba to under all of the SMB protocol? Many years at least. Even Stallman has said the BSD license is good for standards.

Yes, standards are good. The BSD licence is good for standards but allows EEE. The GPL is even better, because any EE can never become EEE.

BTW, the network stack in Windows has not been based on the BSD code for years.

How do you know? Have you looked at the code? Just curious. AFAIK, windows 2000 was the last implementation that could be proven beyond reasonable doubt to be BSD base. I don' t have any idea of what the status of XP is. But whatever the status, the way EEE works still stands in 2005 as much as it did in 2000 for all BSD licenced stuff.

[...GPL...] Protects coders from what? For example, when Microsoft embraces and extends a protocol (i.e., Kerberos, DNS, DHCP), they have no need for the source. They break the protocol. The GPL nor any other open source license would have power against that. You would need a patent (yuck).

If MS were using GPL and EEd a code, it wouldn't work. It would be so counterproductive to EEE that it would remain at EE. With a BSD base MS can EEE and it gets very hard to prevent it after the source is fenced off. That's what GPL protects you against. As for patenting stuff that is based on a GPL-code, section 7 of the GPL v2 protects GPL users against patent restrictions. (Basically, section 7 says patented GPL stuff grants patents use to GPL users.)

So, no, Ded Bob, the magic GPL powers can only be used for Good.

me: > The freedom of BSD can restrict the coders in the long run.

Ded Bob: This is never true. I never need to use a proprietary vesion of open source.

You may be able to dodge it, but most people do use MS windows, hotmail, outlook, IE and are locked in, which means most coders are developing and using proprietary stuff.

Which version of Kerberos do you use? With BSD-licensed code, I have very few restrictions placed upon me as a coder. Fewer than using GPL-licensed code.

The restriction is that BSD-licenced code can be taken away, mangled and used to frogmarch others in a proprietary direction that harms you by making interoperatability hard.

I am curious: What exactly don't you like about GPL? How does its freedom harm you in the long run? Or short run for that matter?

Re:BSD and FSF?

[versus]

Well, at least your right that I can't have my linux box auth against the AD using kerberos or LDAP. Holy shit it worked, must be those standards again. ... Exactly what interoperability problems were you referring to?

AFAIK, you can't authenticate Win2k workstations to Kerberos server other than A - due to MS "extensions" to their Kerberos implementation. SDK to these extensions was published under NDA-like license, preventing free software developers from adding support to free Kerberos implementations.

Re:BSD and FSF?

[Eunuchswear]

if by "the importance of BSD" you mean that most GNU projects essentially forks of BSD packages, then yes, you're right.

For extra points complete these sentences:

gcc is a fork of ...

emacs is fork of ....

Re:BSD and FSF?

[0racle]

you can't authenticate Win2k workstations to Kerberos server other than A - due to MS "extensions" to their Kerberos implementation.

Yes, actually you can, and Microsoft supplies the tools on the Windows 2000 CD's to do it.

Re:BSD and FSF?

[kan]

No, the point was that if BSD-licensed prototype didn't exist, Microsoft would have implemented its own 100% proprietary code. The existence of GPLed code is equal to no code at all for them.

Re:BSD and FSF?

[kan]

> GPL protects against EEE
How does it do that? By forcing commercial vendors to come up with totally proprietary solutions this rendering GPL code completely irrelewant in the long run? GPL is good for _killing_ standards with its Magical Powers.

Re:BSD and FSF?

[gallir]

Insightful this piece of shit?

> If you choose to distribute BSD licensed code, your stuff doesn't become less free because you chose to allow those distribution terms.

We are talking about derivative work.

> The GPL has numerous restrictions placed upon how you can use GPL software that the BSD

FUD. GPL does _not_ impose _any_ restriction on how you can use the software.

> BTW, care to explain how MS locks me in by using BSD code that I can go and pick up just about anywhere else.

Yoy cannout pick any BSD derivative code if MS does not want to realease under a free license. BSD allow them no to do it.

Re:BSD and FSF?

[whitespacedout]

I said

GPL protects against EEE

Kan said

How does it do that? By forcing commercial vendors to come up with totally proprietary solutions this rendering GPL code completely irrelewant in the long run? GPL is good for _killing_ standards with its Magical Powers.

I don't understand why you think GPL "forces" commercial vendors that way. Can you give an illustrative case?

On the other hand, consider MS Word, Netbeui, and smb, which are proprietary solutions.

The GPL did not force the MS windows word "standard", or netbeui or samba. The monopolistic nature of a proprietary, closed source MS was pretty obviously the origin of that.

It's how things evolve naturally, when you come to think of it. Proprietary standards are encouraged by proprietary code. The nature of GPL encourages open standards.

But people are nonetheless free to trap themselves into a closed "standard" so they can be frog-marched into upgrade cycles with crazier and crazier EULAs. Sheep are equally free to run around in their pasture too before they are shorn of their wool and slaughtered.

You are welcome to a world with that kind of freedom. I prefer a different kind of freedom.

Re:BSD and FSF?

[jbolden]

loads of GNOME people said it wasn't good enough because Qt didn't let you build proprietary applications with it without paying.

The question was about Miguel and I found the quote from him at the time.

Re:BSD and FSF?

[whitespacedout]

Yes it is a problem that I have to have one network and one internet for my Windows machines and another for my Unix boxes. Oh wait, thats right, they both use the TCP/IP standard.

I said mid 90s in that post. I was also not talking about TCP/IP. Still, now that you mention it, I'd like to point out that TCP/IP was an open standard which MS and Novell tried to replace with their own (netbeui/ipx) before the web really took off.

Well, at least your right that I can't have my linux box auth against the AD using kerberos or LDAP. Holy shit it worked, must be those standards again.

Again, I was talking mid 90s. LDAP was a fledgling open standard at the time when MS tried to pre-empt it with its own AD.

At least you were right that I can't use an MS DNS or DHCP server to serve Linux clients, or use Bind for the DNS operations of the Active Directory. Nope, hm wrong again.

Again, back in the 90s DHCP was an open standard. MS win 2000 had a DHCP client that only talked nicely to its MS version in windows 2000 (IBM banned the use of win 2000 in production machines as a policy because of this). And DNS was the open standard which WINS tried to preempt with added netbeui goodness in NT4.

Do you see a pattern here?

So again, MS using standards and BSD software locks me in how? Exactly what interoperability problems were you referring to?

If you cannot see the pattern, then you are completely missing the way tactics being used and abandoned if necessary to advance MS strategy.

I am talking about the extend and extinguish phase. You are talking about the embrace phase.

Of course everything is going to interoperate ok when MS tries to stick to the standards that are pervasive nowadays. In the 90s MS was trying to embrace, extend and extinguish those particular standards pretty blatantly. I was drawing a lesson from history, the lesson being that if MS has a chance to lock people into their own proprietary standard it will pursue it. I am not making it up. The history of MS behaviour shows it. The Halloween memo documents it. The courts say MS is a convicted monopolist. I repeat, the lesson is that if MS has a chance to lock people into their own proprietary standards, it will pursue it.

GPL protects you from that lock in.

BSD feeds the very hand that tries to lock you in.

But, hey, it's a free country, and I respect your right to <heavy-metaphor patronize="on">plait the rope that the guy in the black mask and his mob of yokels will try to throttle you with. GPL/FSF will be the cavalry that saves your neck from getting stretched if that happens </heavy-metaphor>.

Re:BSD and FSF?

[fsmunoz]

Ahahah, nicely put :)

And you're correct, English isn't my first language, but that kind of faulty constructs are more a result of writing hastily and without making a good enough revision than of not knowing the language. I wrote as I thought, and so repetitions crept in.

In the end it doesn't really matter though, because in the end the main point was made :)

Linus Torvalds?

Looking at past winners, no doubt they all deserve it .. but what about Linus Torvalds?
Is there a reason he didnt get this award?

That said .. OpenSSH rocks. Theo de Raadt and everyone else who contributes to OpenSSH should be proud.

Re:Linus Torvalds?

[Hope+Thelps]

Looking at past winners, no doubt they all deserve it .. but what about Linus Torvalds?
Is there a reason he didnt get this award?

I don't know whether this is still the policy, but from memory they originally aimed for this award to go to people who hadn't already received other awards for their work on free software. Linus has so wouldn't be eligible.

Re:Linus Torvalds?

[Pflipp]

Another reason could be that Linus is an a-political OSS writer, while the FS Award seems to be oriented at ideology. Last year's winner, IIRC, was Lawrence Lessig. I've never used a line of software he's written, but he's going all the way for FS ideology.

Nevertheless, there's no such thing as a perfect match for an award winner (prove the Nobel Prices for Peace :p), and it cannot be denied that Linus has done his share.

Re:Linus Torvalds?

[HanB]

I don't agree with modding down the parent.

You get a reward to be put in the spotlight. To introduce someone you didn't really know or did not yet see the full quality of his work.

Linus is already fully in the spotlight.

Re:Linus Torvalds?

[Hope+Thelps]

Another reason could be that Linus is an a-political OSS writer, while the FS Award seems to be oriented at ideology. Last year's winner, IIRC, was Lawrence Lessig. I've never used a line of software he's written, but he's going all the way for FS ideology.

I'd say that Theo is much further from the FSF's ideology than Linus is. Linus at least likes the GPL.

Re:Linus Torvalds?

[fanatic]

Not until he changes his name to GNU/Linus.

JUST KIDDING!

Re:Linus Torvalds?

[808140]

Hardly. Theo wouldn't give a free software award to RMS, perhaps, because he considers GPL licensed code to be less than Free, but RMS considers BSD-licensed code to be Free, and he's the one giving the award.

Despite their differing views on what constitutes Free Software, though, both men are largely motivated by ideology. Consider Theo's reaction to the ipf debacle, his response to the XFree86 license change, and his appeal to the community to help fight the good fight against wlan cards that require non-freely redistributable binary firmware to function. This man is every bit as committed to software freedom as RMS is.

Linus, on the other hand, has stated publically on many occasions that he sees nothing wrong with proprietary software, and uses BitKeeper (a proprietary version control solution) to manage the Linux kernel tree (rather than say, CVS or Subversion) because, in his words, "it's better".

Without passing judgement, it is very clear that Linus values convenience above principle. This is part of the reason so many Slashbots like him: he is, in their minds, "refreshingly" a-political.

Whatever their differences, RMS and Theo are both idealistic. They are primarily motivated by their desire for Freedom, not because they want to produce the best system ever (although that may be true as well).

To me, RMS giving TdR this award is absolutely appropriate, and while I didn't expect it, I'm very pleased. I would be very surprised if Linus were named, and to be honest, I would be a little disappointed.

Not that I have anything against Linus, mind you -- he's a brilliant guy -- but at the core, he's an engineer, and so awarding him for his commitment to the ideology of Free Software would go rather against the grain, imho.

Re:Linus Torvalds?

[epine]

I've been personally involved with all these technologies. In my shop, we run two OpenBSD firewalls, one on each available broadband service. Our automated build system is based on SCons, and our scripts make heavy use of rsync internally. Our embedded surveillance project runs Linux which we compile in a chroot build environment along the lines of scratchbox (but scratchbox didn't exist when we started). We also have an ARM7 microcontroller in our product running on top of the GNU tools compilation environment, with some structural similarities to eCos/Redboot. Have I missed anyone?

I have a coworker here educated at the U. of Calgary (where I grew up myself) who knows (but does not enjoy) Theo through overlapping social circles. We had a short debate just a few weeks ago over a spicy Sichuan lunch special about where the boundaries between competence and personality belong. My coworker suggested "couldn't he accomplish as much without pissing people off?" I countered, "for someone with a knack for pissing people off, he retains some of the smartest out there within his circle. How does he do that?" There's a line I once read in Drucker that I've taken to heart "you're not in business to win friends". For me, the bottom line is that Theo delivers, and I admire the end results of his zealous rigour (regardless of where one might choose to draw the line between those qualities).

Before I became involved in this shop, I studied computational linguistics, which brought me into contact with just about everything in the area from which rsync originated. I was depressed that Tridge had to lose the award he deserves as much (well, almost as much, although it pains me to say it).

I've read all the benchmarks over the past year that show how OpenBSD is as slow as a senile dog. Whatever. For the purpose we employ those boxes, we've never had an iota of concern over performance level except for the negotiation phase on https. Guess what? Once Via/IBM finally coughs up the C7 Esther, OpenBSD running on a steroid enhanced 486 will crush the most expensive present day Pentium IV on our most essential performance metric.

The odd thing about OpenBSD, which many people never manage to assimilate, is that you have to look at that project through a very narrow gun turret to realize just how much they accomplish by entirely ignoring the whingings from everyone else.

It's an odd day in my personal universe to see RMS pat Theo on the back. I guess it takes one to know one after all.

Re:Linus Torvalds?

[Santana]

Whatever their differences, RMS and Theo are both idealistic. They are primarily motivated by their desire for Freedom, not because they want to produce the best system ever (although that may be true as well).

I agree on everything else but that paragraph. BSD (and so TdR) is all about making ALL software BETTER. That is the importance of free sofware in the BSD cosmovision.

Re:Linus Torvalds?

[Eudaemonic+Pie]

Theo would just like to say GNU/thanks to RMS for his GNU/special GNU/award, and is going to have a lovely GNU/beer in GNU/RMS's honor. Thank is GNU/all.

Re:Linus Torvalds?

[dronkert]

what about Linus Torvalds? Is there a reason he didnt get this award?

Why did Scorcese never get the Oscar?

Re:Linus Torvalds?

[Hecatonchires]

Cool comment. What is the C7 Esther?

Re:Linus Torvalds?

[nacturation]

Are you feeling lucky?

Re:Linus Torvalds?

[Hecatonchires]

I went and did that after I posted - its some kind of next gen via chip

Re:Linus Torvalds?

[releppes]

Yeah, but he would have to pay for his own GNU/beer! However, he's free to talk about it all he want's.

He deserves it !

[rainer_d]

Whatever you think about his personality - I think most people vastly underestimate the contributions OpenBSD makes to the Free Software World.
Not only from a pure lines-of-code point-of-view, but also by the way the OpenBSD-project scrutinizes licenses and pushes security and cryptography forward every day.

Congratulations, Theo - keep on fighting !

Re:He deserves it !

[yarbo]

But as far as I've read, it doesn't seem like any upstream providers (ipf, Apache, Bind, etc...) accept their packages. OpenBSD is making extremely secure software and an extremely secure system, but few people seem to be accepting their help.

Re:He deserves it !

[Clover_Kicker]

Everyone and their cousin includes OpenSSH in the base install these days.

pf is now available for FreeBSD and NetBSD, so some of this work benefits other people.

Re:He deserves it !

[OttoM]

Not true. A lot of upstream providers (sendmail, bind and more) have taken diffs submitted by OpenBSD developers. Apache is an exception.

Theo responds in typical BSD fashion...

[Mr+Ambersand]

..by refusing the award on the grounds that the GNU license "isn't free enough". ;-)

speech?

[mistermark]

Does this mean Theo gets to speech? I can't wait to hear him rant on a stage :-)

He killed telnet!

[ftoomch]

Imagine a world without the networking Swiss Army knife that is ssh.

OpenBSD is a totally underrated OS too. Even if it is a bit slow, its packet filter actually works.

Re:He killed telnet!

Err, the Swiss army knife of networking is netcat, not ssh. And besides, Theo has nothing to do with the creation of ssh. He (and dozens others, of course) implemented a free version of it. So, if anyone, it was Tatu Ylonen who killed telnet.

Re:He killed telnet!

[BJH]

Yes, but then Ylonen went on to try and kill the beast he'd created by taking it non-free.
If it wasn't for Theo and his posse, we'd all still be using a cranky, buggy, unsafe release of SSHv1.

Re:He killed telnet!

[ftoomch]

I didn't realize that the netcat people had trademarked that name. Seriously though, I just used this metaphor to show that ssh is not just a secure way to log in to some server (and I have heard it referred to as a Swiss Army knife before, by the O'Reilly people no less).

I didn't say he did invent ssh, but I believe he has been the main popularizer of it by giving all and sundry a free version of it.

Re:He killed telnet!

[dasunt]

Err, the Swiss army knife of networking is netcat.

While netcat describes itself as a swiss-army knife, ssh has a nice set of tools.

Lets say I bring my laptop to a cybercafe, and I realize I want to check my email at home. I can ssh to my server (all ports blocked except 22), and forward ports 25 and 143 to my laptop.

After I'm done reading my email, I may want to launch an X client from my desktop. 'ssh -X -C server', then on the server, 'ssh -X desktop' and launch my client.

What about doing someting on that pesky win32 box with vnc running? Its on its own private subnet. ssh myserver.com -L 5900:10.0.0.1:5900. Guess where port 5900 on my local machine is pointing to now?

Combine all of that with scp and ssh-agent and you have a powerful set of tools.

netcat is nice, but it lacks encryption. nc + ssh is a nice duo -- letting ssh set up an encrypted tunnel, and using nc to communicate through that tunnel.

Re:He killed telnet!

[endx7]

He (and dozens others, of course) implemented a free version of it.

It's not even his implementation originally. OpenSSH is a fork of the original ssh.com code before it went closed source. I do imagine many parts of it have been rewritten though.

Re:He killed telnet!

[drinkypoo]

ssh is a sort of Unix remote swiss army knife, whereas netcat is the TCP/IP swiss army knife. (Maybe UDP too, I have to admit I've never used netcat and only read the manpage once or twice.) ssh does everything rsh did, plus what rlogin does, plus it lets you create encrypted tunnels. That's pretty amazing. You can use ssh to move files from one system to another like so:

tar cvfz - files | ssh user@host '( cd /where/I/want/files ; tar xvfz - )'

In other words, the same thing as rsh, except it's encrypted which means you can safely use it over the internet. rsh brought computers on a given network together, and ssh brings computers cross WANs together. Sure you can do the same stuff with rsh, and then get rooted.

Re:He killed telnet!

[burns210]

Why not just use the scp (secure copy) command?

Re:He killed telnet!

[drinkypoo]

Piping a tar through ssh is much faster than scp when copying multiple files. Granted, you could tar the files, then scp the tar, but this avoids that necessity. Also, if the copy fails in the middle, you can do a find on the target location, put the results in a file, and ship that off to gnu tar as a list of files to exclude so you can pick up where you left off.

Re:He killed telnet!

[evilviper]

netcat is the TCP/IP swiss army knife. (Maybe UDP too, I have to admit I've never used netcat and only read the manpage once or twice.)

Yes, netcat does UDP too. It's funny that you are promoting it here, having never used it... Says a lot about /. doesn't it?

Netcat is a great tool, and has many uses. However, SSH is every bit as useful, if not moreso. SSH can forward every network protocol around, and it's uses are just as many as netcat. Infact, I know of numerous circumstances where you might use netcat over SSH, or SSH over netcat :-)

They both deserve a title as universally useful network tools. The term "swiss-army-knife" is far too overused anyhow. I've heard MPlayer called a swiss-army-knife of video. We simply need some new expressions...

tar cvfz - files | ssh user@host '( cd /where/I/want/files ; tar xvfz - )'

That's a bit crazy... It's like tunneling TCP over UDP.

SCP (or SFTP) is designed for file transfers over SSH. If you think it's slow, it's probably because you aren't taking advantage of SSH's "-C" switch, which enables transparent compression of all SSH data, which would give you a good speed boost in interactive mode, as well as faster file copying. You can also specify compression in your "/etc/ssh/ssh_config" file, or in your "$HOME/.ssh/config".

Nobody seems to be mentioning it, but more than interactive sessions and file transfers, SSH is great for X11 forwarding, as well as arbitrary TCP port forwarding.

I just SSH to any of the machines on my network (with the -X or -Y options), and run a GUI command, and everything works automatically. The app is displayed locally, and it's even fast enough for raw video for the most part.

With port forwarding, you can have any service (HTTP, VNC, etc) running on the local machine, and only accesible to people who can already connect via SSH, no more need for securing each protocol, and being vulnerable to the world with every exploit that comes out.

Even more fun, IMHO, is being able to connect to machines that are behind a NAT/Firewall. Set them up with a script to make a connection to an outside machine, then you can connect over that tunnel inside the private network, and access any services on the network by forwarding an port via SSH. Maybe I don't make it sound that great, but it's incredibly slick to be able to access anything on a private network, from anywhere else, with just a single outgoing connection from a single running machine.

A security concern for some, and an incredibly useful remote-access tool for others.

Re:He killed telnet!

[evilviper]

Theo has nothing to do with the creation of ssh. He (and dozens others, of course) implemented a free version of it. So, if anyone, it was Tatu Ylonen who killed telnet.

They (Theo isn't the only one developing it) based OpenSSH on the free original, which implimented only SSH-1. They've implimented SSH2 functionality on their own, and in many cases added functionality not found in the SSH.com version.

Now, I think the OpenSSH team has earned the title of killers of telnet, because few people were adopting SSH when it was commercial software. If not for OpenSSH, SSH would be used on a few company-owned machines, and 95% of the world would be using telnet or rlogin, and what a terrible world that would be... So, yes, by having the first free version of SSH2, that was also reliable, and very secure, the OpenSSH team were the ones who actually killed telnet.

If you don't accept that logic, then I ask you, who killed NFS? Nobody, of course! There are plenty of challengers, but they aren't secure, and stable, and free, so NFS is still widely in-use.

Re:He killed telnet!

[nacturation]

With port forwarding, you can have any service (HTTP, VNC, etc) running on the local machine, and only accesible to people who can already connect via SSH, no more need for securing each protocol, and being vulnerable to the world with every exploit that comes out.

Thanks for that advice! Now I can port forward my telnet service over ssh so that I can finally have secure shell access!

Re:He killed telnet!

[releppes]

If I'm not mistaken, didn't Theo model SSHv2 after the commercial version. The SSHv2 protocol came first, then Theo made OpenSSH compatible, not the other way around. Granted, Ylonen went commercial with his product, but it was he who was the true visionary. Theo just hacked his own in likeness of him. Theo is a smart guy, but keep your respects in perspective.

Unrelated, but I saw it in another post...The rediculous argument for the GNU/Linux name. I read another perspective of the rationale being the name change was to distinguish what's meant when one talks about Linux. Such a stink was made about paying respect to the GNU community. RMS preached the angle about Linux just being the kernel and GNU was so massive in commarison and hence they deserve so much credit that the GNU name should come first. It's just another example of how software freedom fighters are more concernded about self egos than anything else. In the case of Theo, don't be blinded by his contributions. He provided enhancements, not inventions. The GNU foundation provided tools not an OS.

Agreed.

[hot_Karls_bad_cavern]

i was just about say something along these lines. Theo can turn folks who encounter him for the first time, but i gotta tell ya, i sleep better at night with a stripped, clean, secure OpenBSD firewall. i give money to the FSF, i think OpenBSD is deserving of my monetary support as well. Glad to see this type of recognition for his work :)

Watch out!

[JM]

Eventually, Stallman is going to ask us to call it Gnu/OpenBSD ;-)

Re:Watch out!

He actually has a position on that matter :)

Re:Watch out!

[slavemowgli]

Unlikely. The BSD people are actively working to replace every GNU utility still in the system with a BSD-licensed version - look at the changelogs for OpenBSD, for example, and you'll occasionally see an entry mentioning that this or that has been replaced.

Re:Watch out!

[northcat]

Only on slashdot does a post like parent not get modded down as troll.

Have some fucking gratitude.

Re:Watch out!

Old joke.

The only reason that Stallman wants to call it GNU/Linux operating system is because calling it 'linux' is just to ambigious.

Linux is a kernel.
Linux is a OS.
Linux is a social movement.

All of it's meanings are used interchangably and unless you understand excactly what is going on in the discussion it makes it very hard for a lay-person to understand what is going on and causes needless arguements when somebody just wants to talk about linus and kernel developement and the other person wants to talk about Free and open source software in general but things that what the other guy is saying by saying 'linux'.

So by saying 'Open source software movement' or Free software, and then GNU/Linux operating systems, and then the Linux kernel is much clearer then going:

Linux, Linux, and Linux all mean three completely, but interelated things.

It's seems so obvious to anybody who remembers hearing 'Hi, I am Darel, this is my brother Darel, and this is my other brother Darel."

It's a 'Duh' just call it GNU/Linux and get over ourselves, but instead it's:

one slashbot:
GNU/Linux! WTF is that? Why don't we call it X.org/Apache/BSD/GNU/Linux!!!! RMS is a insane hippy! Fuck him!!! ARGHHHHHH!!!!

other slashbot:
ROLF-lololololololololololol!!!!!!1111o neoneoneone

Don't forget folks, words mean stuff.

Unless your talking about Linux, then it can mean anything you feel like, from a social movement, to a specific kernel, to a business model.

Re:Watch out!

[einhverfr]

Well.... I agree that you have a point. But the fact is, GNU/Linux is a bit of a mouthful, and squoutna usually wins the day (squoutna referring to people saying "Squoutna porch" instead of "Let us go out on the porch"). So I personally say Linux to mean "A modular operating environment based on the Linux kernel," F/OSS or Free/Open Source Software to mean the social movement and The Linux Kernel to mean just that, the Linux kernel.

If I say OpenBSD or the OpenBSD Kernel, I mean something similar.

As much as I admire much of the work that RMS has done, I don't think he will ever get the majority of users to conform to this apparoach. No "education campaign" can keep people from choosing simpler expressions and shortening them. So in this, he will never succeed and will only make enemies. I have put quotes around "education campaign" because although the FSF says it is not a battle, RMS seems to fight it as if it was (not speaking at LUG's unless they conform to his naming standards, etc-- if this was all about education, you would think he would use it himself and put something in those speeches to "educate" others why they should follow him).

I suspect that a large issue for RMS is that he doesn't want the FSF to be marginalized and by trying to promote what is essentially a trademark (registered or not, IANAL), he hopes to keep that from happening. There are better ways to do this though. The FSF is well known and respected in the community regardless of this issue, and they can do many other things to promote their place.

I am glad to see this award going to Theo. OpenSSH is really useful and OpenBSD is really good for some things. I also admire his work wrt the wlan card firmware, and many other issues.

Re:Watch out!

[slavemowgli]

As long as both sides keep improving their tools in order to convince people to switch, the user can only benefit from this.

Re:Watch out!

[ansible]

Good luck with that BSD-licensed C compiler. GCC's had/has issues, but that's a big lump of code to replace.

Re:Watch out!

[evilviper]

Good luck with that BSD-licensed C compiler. GCC's had/has issues, but that's a big lump of code to replace.

I'm not quite sure how you meant that to sound, but it does seem like you don't realize a BSD C compiler has been in the works for quite some time, and has been recieving more and more attention/support lately...

Specifically http://www.tendra.org/

Re:Watch out!

[nacturation]

Good luck with that BSD-licensed C compiler. GCC's had/has issues, but that's a big lump of code to replace.

Good luck with that Linux operating system. Windows had/has issues, but that's a big lump of code to replace. ;-)

Re:Watch out!

[nacturation]

Only on slashdot does a post like parent not get modded down as troll.

Netcraft confirms: everybody but you got the joke.

There is somebody missing here:

[colores]

Previous winners of the Free Software Award * 2003 Alan Cox * 2002 Lawrence Lessig * 2001 Guido van Rossum * 2000 Brian Paul * 1999 Miguel de Icaza * 1998 Larry Wall Why he is no yet on the list?. May be because his public use of some proprietary software

Re:There is somebody missing here:

[Mr+Ambersand]

Why he is no yet on the list?. May be because his public use of some proprietary software

From the beginning, Linus has held the posistion of "eh, whatever" with regards to software freedom. He'll take advantage of it, but he's been very clear on where exactly software freedom is in his list of priorties (which is: below convience).

In contrast Theo has re-written whole parts of his operating system (pf and OpenSSH) for the sake of being able to give away an entirely free-for-any-use operating system.

While Linus has made an invaluble contribution to Open Source, Theo has proven time and time again to be a strong and active advocate for Free Software (with a capital 'F').

Re:There is somebody missing here:

[slavemowgli]

Yes, I agree. Bill Gates definitely deserves an award, too! :)

Re:There is somebody missing here:

[legirons]

"Yes, I agree. Bill Gates definitely deserves an award, too! :)"

Microsoft won the "Best Linux advocacy" award (Linux Format, May 2003) for their "Licensing 6.0" scheme and the number of business customers it alienated

Re:There is somebody missing here:

In contrast Theo has re-written whole parts of his operating system (pf and OpenSSH) ...

OpenSSH, hardly. In README in OpenSSH 3.9 source code:

OpenSSH is a derivative of the original and free ssh 1.2.12 release
by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels
Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer
features and created OpenSSH. Markus Friedl contributed the support
for SSH protocol versions 1.5 and 2.0.

Re:There is somebody missing here:

[arturs]

Theo has re-written whole parts of his operating system (pf

That's interesting. What was Daniel Hartmeier doing then?

Re:GNU/Linux and other BSD distributions?

[Tony+Hoyle]

'Also' makes no difference to the meaning (and your rewrite also contains the problem phrase). I had to read it twice as the most obvious meaning isn't the correct one this time.

It would probably have been better as 'other BSD distributions and GNU/Linux' as that's harder to misread. Can't think of anything clearer without bringing the grammar nazis out.

Lighen up... RMS describing Linux as a BSD distribution would be quite funny actually.

Good Candidate

[Aknaton]

Theo is a good candidate for this award. He is dedicated to creating a free, secure operating system that includes only truly Free software.

Of course, Theo can be acrimonious, but that doesn't change if contribution to Free software.

Where's Linus?

[greazer]

Previous winners of the Free Software Award * 2003 Alan Cox * 2002 Lawrence Lessig * 2001 Guido van Rossum * 2000 Brian Paul * 1999 Miguel de Icaza * 1998 Larry Wall

I agree with everyone on this list of gread free software contributors, but it's certainly conspicuous that Linus is missing from it.

Re:Where's Linus?

[Mr+Ambersand]

Not really, contributing to it is not the same as strongly advocating for it; and Linus has always been wishy-washy about Free Software.

It makes no sense to give an award from the FSF to someone who both derides the GNU standards *and* says to use 'whatever works'. It's a political award and Linus' politics don't fit the Free Software model.

He's much more of an open source kind of person.

Re:Where's Linus?

[rama]

Not so. Specifically, since the fsf announcement excludes Linus and RMS. Here is from the announcement: "People such as Alan Cox, Miguel de Icaza, Donald Knuth, Larry Lessig, Brian Paul, Guido van Rossum, Richard Stallman, Linus Torvalds, and Larry Wall who have already received this or other awards for their contributions, are not eligible for the Award for the Advancement of Free Software."

Basically, it is the past year winners + Linus + RMS + Knuth + Larry Lessig. Looks like an august company and no slight meant, certainly to Linus. Being in the same league as Knuth is pretty good, I would say, even for Linus.

[Just FYI, even after all these years, Knuth pays money if you find a bug in his TeX program, or in his Art of Programming books].

Congrads Theo!

[WillRobinson]

I use Linux every day, and appreciate the fact that I have a good method to connect to my servers in a secure manner, thanks to Theo.

And I want to thank him for his other contributions, as it has made me some good cash, installing BSD boxes in front of Windows email servers with packet filtering!

Again Thanks Theo. I wish this type of stuff could reach more mainstream news, but we can all know just like other major happenings in the world, there is a army of unsung heros who make things happen.

Re:Congrads Theo!

[technik]

And I want to thank him for his other contributions, as it has made me some good cash, installing BSD boxes in front of Windows email servers with packet filtering!

If you haven't already, thank him by making a monetary donation or a hardware donation.

Re:Congrads Theo!

[releppes]

Make check payible to Theo?.....

Re:GNU/Linux and other BSD distributions?

[TheRaven64]

It would probably have been better as 'other BSD distributions and GNU/Linux' as that's harder to misread. Can't think of anything clearer without bringing the grammar nazis out.i

Some grammar nazis might complain about the tautology `Berkley Software Distribution Distributions'.

For those wondering "why not linus"

[Mr+Ambersand]

Reading this FAQ entry should shed some light on why linus has never been, and probably will never be up for this award.

Re:For those wondering "why not linus"

[rsidd]

That FAQ entry has nothing to do with Linus. As others have pointed out, people like Linus (and RMS himself), who have already received other awards for their contributions, are not eligible.

I don't know how they decide that Theo or Guido or whoever is eligible (I'm sure they've received awards, though possibly of much less significance).

Hehe

[FullMetalAlchemist]

Considering this, and especially Theo's view on Free Software; i.e. that it isn't anywhere close to real freedom, a stance I agree with btw; I'm quite surprised, pleasantly surprised.

Anyway, go Theo!

Positively surprised...

[Florian]

...that the FSF honors a developer who releases his work under a non-copyleft (=the BSD) license and whose main project is an operating system alternative to GNU and Linux.

Re:Positively surprised...

[idiotnot]

The two clause BSD license is GPL compatible.

The split between GNU and BSD is largely historical; BSD wasn't a full OS, rather just enhancements atop Unix (which you needed an AT&T license to run, and couldn't modify). By the time the BSD lawsuit was fleshed out and the BSD license made free, the GNU project was already well underway.

Learn more about OpenBSD technology

If you want to learn more about the great work these guys do in networking and security, check out the OpenBSD Events page for upcoming talks by the developers themselves.

There will be a number of talks this week in Dublin, Ireland from Theo de Raadt, Henning Brauer and Ryan McBride which are open to the public and completely free of charge!

Re:Learn more about OpenBSD technology

[dago]

Free as in Guiness ?

Re:Learn more about OpenBSD technology

[Caligari]

Unfortunately, Guinness is rather expensive in Ireland these days.

Re:hard to believe

If you had any kind of clue about the way `proactive security' works, you wouldn't write such drivel.

Why is OpenBSD called OpenBSD ? because it was the first BSD to make its CVS tree accessible for everyone. That's right, anyone can subscribe to source-changes and see the commit messages. And anyone can get the sources.

Now, most security fixes are NOT tagged as security fixes. They're tagged as clean-up, or reliability issues, or normal bug-fixes.

Why is this so ?

Quite simply, because those fixes are done while reading the code, NOT in reaction to a security hole.

That's what `proactive security' means. When you find something fishy, you just go and fix it, you don't sit on your fat ass and wait for months until someone finds a way to exploit it.

As a result, OpenBSD is more secure than most other OSes out there. Not because of cool technology like ProPolice or W^X, but simply because of good engineering practices.

OpenBSD doesn't have the latest cool feature. It's never been about that. But it has obsessive-compulsive developers who care about security.

Security is not a plug-in. It's not something you add to a distribution after you've put in all the carelessly designed and dangerous features.

Security is a process.

Security is a state of mind.

Security is a priority: either you put it right there, in front of you, and FIX THINGS when you think they might get broken, or... you will run into actual nasty holes, and make the front page of bugtraq.

Re:Open* spinoffs & the Open Source idea?

... because NetBSD development was not free. Theo lost his access to the CVS tree. Read the email exchange, and you'll find out that's where the main problem was. ... because SSH was not free. OpenSSH started with the last release from Tatu Ylonen with a free licence. ... because the CVS people don't get the OpenBSD patches. For instance, CVS client/server is still not officially supported, even though that's what everybody uses. ... because NTP is thoroughly insecure, and NOT free. NTP is released under a variation of the ISC licence, which means it CAN'T be distributed freely.

In the CVS case, collaboration with the CVS team was impossible. In all other cases, it was a question of freedom. Those other projects had strings attached, Theo yanked the strings and had the balls to restart things.

BTW, thanks to NetBSD. If you hadn't forcibly taken out Theo, he probably wouldn't have done so much for free software. Starting his own project off NetBSD was probably the boldest move he's ever done.

Re:So what's the award?

[Lobo93]

He got 5 kilos of flax; none of that funny money you wage slaves call "a reason to live".

Re:hard to believe

You still don't know what you are talking about.

Yes, most bugs we fix have some kind of security relevance. This is obvious. Now, are we going to tag each single entry we commit with `possible security fix' ? Are we going to spend a lot of time convincing other people this might be relevant ?

Nope, we are not.

We tried. This is simply a waste of time. It doesn't work. A lot of other projects don't have a clue. You tell them that what you're doing might be security-related, and you waste hours explaining the issue to them.

Think about it. Every time you simplify a piece of code, or replace an obfuscated algorithm with something simpler, you ARE handling security issues... or you might be. That's not important.
You are not going to waste time figuring out whether that fix is an actual security fix, or just some clean-up.

Because you can use the same amount of time fixing other issues, and that's more useful.

Want actual proof ? Look at all the changes in OpenBSD that replaced strcpy/strcat with strlcpy/strlcat. Now, go out on the linux lists, and ask why strlcpy still isn't a part of the glibc, but strfry is. Or look for comments on the above subject from Ulrich Drepper.

Make up your own mind.

Who do you think has a clue ?

The people who found out countless potential buffer overflows all over the place, fixed these, and still find that new code has the same mistakes and buffer overflows ?

Or the people who think that strlcpy is irrelevant because good programmers don't write buffer overflows ?

You could also look at tmpnam and mkstemp, and countless other examples.

As another instance, look at chroot and privilege separation. In many cases, the added safety translates to less features (like, a chroot'ed daemon that can no longer read its configuration file on a kill -HUP, or an http server that needs a whole set of libraries to run cgi). Bottomline, do you want the extra features, or the added security.

Most time, there is a trade. Those security fixes rely on non-portable parts of the libc. In many cases, third party software will buy back the extra stuff (look at rsync, kde and strlcpy), but this takes time...

try to do some development work, instead of posting opiniated, clueless comments on slashdot. Spend some time fixing security issues. See your patches take months to get accepted upstream. See the next release still have the bug, because some clueless, feature-conscious developer added some code with the exact same wrong pattern in another area than the one you've been fixing...

The ultimate threat

[Lifewish]

A few posts later:

----------
> To accuse a person of sabotage, a crime, is a serious matter. If the
> accusation comes from Brett Glass, it can be ignored, but when other
> people do say it I'm entitled to refute it. I am sorry that the
> accusation was made on your mailing list.
>
> Yesterday you said you would, so
> keep your word for once.
>
> I did not make any promises to you yesterday; I stated a decision that
> I had made for my own reasons.

Bugger off, Richard.

Get off these lists, or you'll see me on the gnu lists much more.

----------

Now there's a threat... glad to see they've made up.

Re:GNU/Linux and other BSD distributions?

it might even have two mascots!

Now mod this insightful!!!

Very Well Said

[curveclimber]

Stallman is constantly the target of criticism for being so concerned with distinguishing Free software form Open Source software. But the posts above show even the technically literate audience of /. still don't get it.

I think you explained well why TdR would be more deserving of a Free software award than Torvalds.

Re:Open* spinoffs & the Open Source idea?

Back then, there was no anonymous cvs access to the sources. You had to be a part of NetBSD inner circle to get access to the development sources.

All that was free was the released version. There was some amount of political control of information.

Reread the exchange between Theo and the other members of NetBSD-core. One persistent complaint from Theo is that he could no longer easily work on the sparc port, because he did not have access to not yet released code.

Let's put aside any re-definition of freedom by the FSF, OSI and whatever group of the month is running this show.

No, this is not free development. Theo was not free to see what was going on in NetBSD in a technical sense. He had lost control. And the people in netbsd-core used that power to try and get Theo to promise he would change his behavior.

Whatever you might think of Theo's attitude (yes, he can be a complete fucker sometimes), that's not freedom, by any sense of the world.

Now, look at the world today. All BSDs have open cvs trees. I think that would have happened, eventually, but I'm 100% certain Theo's decision to make sure OpenBSD CVS tree would be totally open to public scrutiny at all times has a HUGE role to play in that change.

Tito, hand me a cluestick

[Flower]

When you reincarnate please remember to stay in line and get double helpings on observance (you missed the emoticon which provides *gasp* context) and humor (ummmm, it was an obvious joke) before coming back. The gift of "leading sheep into making bad mods on /." really wasn't meant to be taken seriously.

Re:hard to believe

[jschauma]

Why is OpenBSD called OpenBSD ? because it was the first BSD to make its CVS tree accessible for everyone. That's right, anyone can subscribe to source-changes and see the commit messages. And anyone can get the sources.

You seem to be stating that the other BSD's didn't do this or at least not until OpenBSD did it first. Granted, I wasn't around at the time OpenBSD forked off of NetBSD, but looking at this message it would seem that NetBSD's commit messages were public quite a while before OpenBSD existed. It would also seem that at that, anybody could get the sources. Just FYI.

Oh, irony

[ndogg]

I find this entirely ironic. I'd love to see de Raadt accept the award from Stallman personally. I would bet de Raadt's reaction would be memorable.

That said, this is awesome. de Raadt definitely deserves the award for all the hard work he's given to the community.

Re:Oh, irony

[ph0enix]

Ummmm. If you look at the OpenBSD Events Page you'll notice that regarding FOSDEM in Brussels, "Theo de Raadt will also be present at this event, though not presenting a talk." No need to speculate, he was there personally to recieve the award.

Re:Open* spinoffs & the Open Source idea?

You're overlooking two facts:

1) the "development" sources (NetBSD-current) were always available in NetBSD, on a daily(?) base, so saying Theo would have been restricted to releases is wrong. And

2) it was not able to just make a anoncvs-server for NetBSD then, due to the AT&T licensed code still being in there back then, which would have violated some people's rights. This was fixed later and NetBSD got its anoncvs server after that. And not because "oh, look what THEY have, we need that too now!".

Please stick to the facts when posting. If you don't know facts, research them.

My eyes!

[damian.gerow]

Normally I'm not this anal, but I just can't help it. Why in ${DEITY}'s name is there a *comma* after 'Richard Stallman'? Who could have *possibly* thought that it was a good idea to put a comma there?

Yes, I know, we're geeks, and we butcher the English language on a daily basis. But come *on*, people, at least make *some* effort to use some common sense.

Re:My eyes!

[ray-auch]

Maybe it is just a pause, because we should all pause and consider (cross self, bow, or whatever) after the name Richard Stallman.

Correspondigly, the full stop after "Theo de Raadt" would indicate a longer pause, not because the latter name is necessarily greater, but because of the staggering import of the whole sentence and the necessity of picking oneself up off the floor (at least for those knowing some GNU and BSD history and the beliefs/writings of the two persons named) :-).

Re:My eyes!

[dextromulous]

Why? Because it's a quote.

FTFA:
"FSF President and founder, Richard Stallman, presents this year's award to Theo de Raadt."

Does this make it any worse?

Re:My eyes!

[mickyflynn]

no, because it's a subordinate clause.

What?

[ArbitraryConstant]

"The freedom of BSD has the danger of making you a prisoner of its distributed derivatives."

How? If you don't like the version the company you're dealing with (Sun, Apple) is shipping, you can always get the official software from openssh.org.

"GPL code belongs to you for the asking. That is also why GPL will eventually out-evolve all other software."

No. What has become obvious is that the community of developers is what drives the evolution of a system. Either can stagnate, either can advance quickly.

Re:What?

[4of12]

What has become obvious is that the community of developers is what drives the evolution of a system. Either can stagnate, either can advance quickly.

True, but a plausible argument can be made that BSD style freedom permits a great derived work to appear only in closed source code that can achieve success in broad binary distributions. The improved source code base is unavailable.

That will tend to sustain and keep alive the closed source company and encourage their behavior of keeping great innovations on BSD common work to themselves because it is profitable to do so.

The GPL also allows great closed source innovations on common work, except that it can only be used internally because binary distribution of improved code would require the source also be made available. In some sense, this makes a ratcheting of improvements in the GPL code built-in. But it says nothing about the pace of those innovations to GPL code.

There are different social dynamics involved in each license and it's not immediately obvious how things will play out in the long term.

Handicapping the GPL is that companies are less inclined to improve too much upon basic GPL work rather than BSD license common work; but the GPL has less chance of its improvements going into a wormhole that will never be reexposed to the commons. It's hard to know which force will prove to motivate the greatest progression of software.

Perhaps the best license would be a hybrid, something where you distribute your closed-source binary derivative work for a limited term no longer than a couple of years, whereupon the conventional GPL kicks into effect.

As a software developer, I kind of like the dual license approach of Trolltech.

Re:What?

[ArbitraryConstant]

"True, but a plausible argument can be made that BSD style freedom permits a great derived work to appear only in closed source code that can achieve success in broad binary distributions. The improved source code base is unavailable."

There are two classes of patch that mitigate this. The majority of patches fall into this category IMO.

First, there's generic bugfixes. These are typically submitted back to the community even with BSD licenses because companies don't feel like maintaining a private patch set. A company I used to work for is responsible for lots of updates to Python due to this. Sure we could have a better Python than the official distribution, but we wouldn't get paid for that so it was a waste of our time to keep the fix to ourselves.

Second, there's private customizations. The GPL explicilty allows these as well. These typically aren't useful to the community at large, because they're application specific, and patches related to them wouldn't be accepted. This happend with IBM patches to GCC for PowerPC970 optimizations that were rejected. The only difference is that the BSDl allows binaries to be distributed without source in this case.

The stuff that you really want to get back the community is the large scale optimizations, but these are typically written by a core of people that don't have anything to do with a company, except for occasional funding.

There are only a very few projects that are big enough to get changes that benefit the community by private companies. Apache, the Linux kernel, that sort of thing. In these cases the GPL is indeed preferable.

In other cases, it seems as though a small group of talented developers gets more done almost to the exclusion of community involvement or license. DragonFlyBSD and OpenBSD have done amazing things with small communities, as have the GNU people with HURD. BeOS was an amazing accomplishment in an entirely proprietary environment.

I'm glad the GPL is available, but there's room in the world for other licenses.

Award ceremony transcript

Richard: "We have gathered here to honor another Free Software giant. Ladies (hello you two geeky, but quite cute girls in the back) and gentlemen, I hereby present this award to Theo de -"
Theo: "What?! An award??? I thought we were going to discuss you ditching GNU/Hurd and adopting OpenBSD as its replacement?! You got me here under false pretense, I can't fucking believe this!!!"
Richard: "Well, we knew you wouldn't have come otherwise, so I -"
Theo: "Do you realize you robbed me out of a whole day of code auditing?! Do you?! That's it, I'm suing!"
Richard: "What do you mean, you don't even have an account and I don't give out root - "
Theo: "Ohhh, veeery funny! I'm taking you to the bank for everything you've got, buddy!"
Richard: "Well, then I should just give you the $2.49 because that's all I got."
Theo: "No, here's $10, now go and have that beard trimmed for the love of everything you GNU! You look like a damned hobo!"
Richard: "Well, actually, purely technically speaking, I am as free as a hobo, except that I smell nice."

Ñu

[Santana]

Its logo says it all, it's a ñu.

For those that doesn't know how to pronounce 'ñ', it's like 'gn' in cognac or Avignon.

Re:Away satan!

[gl4ss]

I think what RMS is now mostly worrying about is that patents and such are turning the world into a place where you wouldn't be able to publish even a trivial piece of software for free.

Re:Prime-time recognition for outstanding develope

[einhverfr]

Ok... I want to make a point here....

At one point I looked at the data and concluded that BSD was dying. I think that some people really think this and are not really trolling. The confusion comes in part due to a couple simple mistakes.

It is true that Netcraft has in the past indicated that *BSD is losing market share to Linux in at least the web server markets. However, these numbers are percentage based (regarding domains hosted) and probably don't represent an absolute decline. In fact, I suspect that the absolute number domain running on web servers running *BSD is probably currently growing but doing so slower than the market. This would fit with the observation that proprietary UNIX doesn;t seem to be in much of an absolute decline (with a few punctuations in the equalibrium) and that all such flavors are losing marketshare (percentage-wise) much faster than *BSD.

Secondly, because we are not seeing a mass exodus of the core developers from *BSD to Linux, I don't think one can ever say these are dying. Just as Microsoft can't kill Linux, Linux can't really kill *BSD. The only thing that can kill *BSD is, well, *BSD. More likely, we will see the licensing advantages that Linux offers disappear as proprietary UNIX and later Windows falls. At this point, Linux will still have some competative advantages, but we may see *BSD grow more rapidly once proprietary competition is eliminated.

Re:hard to believe

[Ulric]

Hmm, this AC sounds just like the actual Theo.

RMS smelling nice

[^BR]

From every person that I know that got the "privilege" to meet RMS in person the expression "smelling nice" usually is not in their description...

Neither is "smelling like the wino down the street" but still...

Re:RMS smelling nice

[LizardKing]

From every person that I know that got the "privilege" to meet RMS in person the expression "smelling nice" usually is not in their description...

A few years ago, RMS was in Oxford, UK for some talks he was doing. His accomodation fell through, so I offered to put him up in my flat for a few days. My abiding memories of his stay are that he drank gallons of herbal tea and took really long showers. In fact he was quite bemused by how small the typical British hot water tank is, as it meant he couldn't shower for as long as he liked ...

Open Source Forking isn't bad

[einhverfr]

Sure it can lead to customer confusion, but it can also mean that you have a larger number of small teams working on specific niches. If a contribution is generally useful, it can be merged back. For example, the Samba NT4 PDC/BDC stuff was first developed in the Samba-TNG fork and later merged back. Similarly sook at how many forked Linux kernels have been generally available (merging third party patches).

Re:Open* spinoffs & the Open Source idea?

[jbolden]

At the end of the day, OpenBSD was created because Theo couldn't get along with the other 'first-tier' NetBSD developers, and didn't want to be a 'second-tier' developer.

Or you could phrase this as
At the end of the day, OpenBSD was created because the 'first-tier' NetBSD developers used access controls to try and enforce social policy and Theo refused to be extorted.

This whole thing cuts both ways.

Re:Prime-time recognition for outstanding develope

Have you any info on the current BSD market share?
These are the latest data I could find about BSD market share - and they say it's gaining it.
Nearly 2 Million Active Sites running FreeBSD
"FreeBSD secured a strong foothold with the hosting and internet services communities at the genesis of the web and has anything but gone away. Indeed it is the only other operating system [besides Windows and Linux] that is gaining, rather than losing share of the active sites found by the Web Server Survey."

A more recent article doesn't talk about market share, but is quite enough for everybody to see how "Netcraft confirms it".. :)
Nearly 2.5 Million Active Sites running FreeBSD (Jun 2004)
"[FreeBSD] has secured a strong foothold with the hosting community and continues to grow, gaining over a million hostnames and half a million active sites since July 2003."

I think this pretty much says it all..
--
Requiem for the FUD

Re:Prime-time recognition for outstanding develope

[einhverfr]

Your information is newer than the information I had previously seen. I see it as further evidence that *BSD will grow rapidly once the viability of proprietary competition is reduced to the extent that it is no longer competitive.

Re:Away satan!

[cheesybagel]

The price for freedom is eternal vigilance. The latest stance has been towards taking liberties from consumers and giving producers more control (e.g. DMCA, Broadcast flag). If people do not fight back, eventually it will be illegal for you to use a fully free software system.

Valuing convenience is a political statement.

[jbn-o]

Without passing judgement, it is very clear that Linus values convenience above principle. This is part of the reason so many Slashbots like him: he is, in their minds, "refreshingly" a-political.

I forgot to include this in my previous follow-up: it seems quite a political statement to me to favor convenience above software freedom. I'd hardly call Torvalds apolitical, I'd say that his views are the views people have been taught to value--use what helps you get jobs done, push aside any other concerns regardless of their effect on society--hence they are popular.

This proves one thing about assholes

[blackhedd]

Theo deserves a lot of recognition for his technical achievements and his commitment to freedom. Getting this award proves that you can blow off everyone in the world except your personal fanboys and still be a success.

My company based a commercial product on O-BSD, then converted to Linux when it became clear that Theo doesn't know how to anchor a diverse community. We even tried to fund his project but never got past being personally abused.

Re:This proves one thing about assholes

[antonakis]

Ok. You "tried" to fund his project and then you were "abused".Exactly *how* were you personnaly abused? You are right,this proves one thing about assholes : you are among them.Go troll elsewere

Re:This proves one thing about assholes

[RazzleDazzle]

I guess I just don't see "anchor a diverse community" on their PROJECT GOALS page: http://www.openbsd.org/goals.html

I have watched misc at openbsd.org for several years and I have never seen Theo personally abuse someone unless it is deserved. Obviously you are only telling YOUR side of the story.

Re:This proves one thing about assholes

[blackhedd]

We offered to fund a portion of the OpenBSD project's budget as a corporate sponsorship. We were thinking about putting in perhaps a million dollars a year. They responded cautiously until we asked how much they might need. The emails we got back are not printable on a family website :-). This was back in 2003, several months before DARPA pulled much of their grant money. When we started hearing from fallen-away project members over the next few months, we realized we were lucky not to have gotten involved.
Anyway, no knock against Theo or his achievements. He deserves his recognition, as I said in my original post. He's running his project like a sandbox, however, and that makes it hard to depend on.

Re:Open* spinoffs & the Open Source idea?

[cpghost]

All BSDs have open cvs trees.

Technically, that's true. But consider FreeBSD, which uses Perforce internally, before the changes hit the CURRENT CVS branch!

Re:Oh my god...

[LurkerXXX]

Please list the 3-5 remote holes in the default install Mr. Anonymous troll.

Re:WTF?

[Beek]

rofl

to help celebrate

[xmp_phrack]

i'm going to release an OpenBSD remote root

rsync

[ansible]

Or you could just use rsync over ssh instead:

rsync -av -e ssh local_directory/ user@remote_host:remote_directory/

And if the rsync dies, you just run the same command again.

Much less typing. :-)

Re:rsync

[drinkypoo]

Yeah, I think my brain is full because I can never remember the switches I want for rsync and consequently it's faster to just tar. I just made an alias, though, maybe I'll remember to use it next time I want to copy a bunch of files.

Re:rsync

[ansible]

Those are about the only command line switches I use with rsync.

The only other one I sometimes throw in is --delete. But I try to look things over and think twice about that.

Re:Oh my god...

[0x000000]

There are none. At least, not that i have noticed Excuse me while i go check up on my OpenBSD box. Damnit, someone hacked it!

Re:Open* spinoffs & the Open Source idea?

[jkoshy]

But consider FreeBSD, which uses Perforce internally, before the changes hit the CURRENT CVS branch!

FreeBSD's primary source control system is CVS.

Some (but not all) developers use Perforce to manage their experimental FreeBSD-related project -- work that is either too intrusive or too experimental to bring into the main tree directly.

Please see: http://www.freebsd.org/internal/.

Re:hard to believe

[Nimrangul]

Definately a good mimic if it isn't, the security is a process, security is a state of mind had me thinking so.

Conflating for confusion.

[jbn-o]

You have lost software freedom for those "various network appliances, switches, routers, etc." and you still have software freedom for OpenSSH. They are different programs licensed differently despite that the non-free programs are derivatives of the free software program. It's sad that you chose to make your point with swearing and exaggerating to prove a false point. It doesn't make your argument more convincing.

Re:WTF?

[Nimrangul]

No, a proper metaphor using those two notorious names from the past would be Stalin giving an award to Hitler.

For you see Hitler was the strong dictator and Stalin was the insane communist.

Mind, I have nothing against de Raadt, just pointing out that the inappropriet metaphor was backwards.

Theo de Raadt wins FSF award.

[lapierre]

Theo deserves this award for his uncompromising stance on security in OpenBSD. In these modern times, what we need is software that actually works. Theo and his team are doing more than almost anyone else to achieve what we need most in software and operating system development.

Re:hard to believe

[Nimrangul]

No, I know what mimic means:

To copy or imitate closely, especially in speech, expression, and gesture.

IE: That was either Theo or a person which is skilled in simulating his style of typing.

A meme however would be the idea of security being important.