OpenBSD Project in Financial Danger
DieNadel writes "In an entry to the OpenBSD Journal, Marco, from the OpenBSD project, warns about the somewhat disturbing financial situation in which they are now. The OpenBSD team is the one that also develops the OpenSSH suite, used nowadays almost everywhere. From the entry: 'What I want to point out what a lot of people don't seem to realize is that OpenSSH development is paid from the same pool of money as OpenBSD. OpenSSH is in use by millions around the world however the revenue stream just simply isn't there. This is where other projects could help. Without naming entities or projects by name there are others out there that are sitting on some cash. It would be wonderful if these entities could share some of the wealth to keep us going.'"
...for Netcraft to weigh in on this one :-)
This is really sad. I used to use openbsd and it is a great project. Very easy to install and a nice fast text based installer. Hopefully someone can pick up the slack and donate to this great project.
My UID is prime is yours?
Dear Theo:
Maybe people are deciding you're just too much of a douche to put up with.
I'm sure if you run out of money and can't work on openssh anymore that someone with the time and resources will pick up the ball and run with it. Such is the nature of OSS.
Love,
the Free Software Community.
This space for rent.
I know some large companies (cough*apple*microsoft*redhat*cough*) can certainly afford to support openSSH, and need the project to continue running.
These companies however would not want to give to an operating system project that competes with them.
Maybe the openBSD & openSSH projects should separate?
My pics.
...oh wait, I guess it really is!
As Maddog put it:
"I believe it was at a conference in Australia (also in the 1996-1998 time frame) that I ran into a rather despondent Theo de Raadt, who told me that for lack of $300. his ISP was going to turn off the project's servers. I took out my checkbook and immediately wrote him a personal check for $300., to keep the OpenBSD servers alive. My comment to Theo was that "your project is too valuable to let die over a measly $300.""
If you're really poor, just donate 5$.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
The SSH project will stay in development with or without BSD, there's no issue here of what would happen if OpenBSD ceased to exist. It's kinda like when most apps on Linux die, or simply cease development...if it's important then someone is there to pick up the pieces.
Brother, improving your security is as easy as ordering a CD: http://www.openbsd.org/orders.html
The CDs that the OpenBSD project sells are their main source of revenue and support.
I also think that the OpenBSD project needs to start operating a bit more like a business. Services need to be offered that bring in a healthy revenue stream. Two areas where the OpenBSD development team excel are cryptography and code auditing. Both are related to security, which is a good industry these days. The OpenBSD site could offer paid services, such as code auditing for other projects to enhance security, etc. The OpenBSD developers should also set up a consulting business that performs setup and maintenance of OpenBSD installations, perhaps primarily for small businesses that aren't in the IT business, such as clinics, legal offices, automotive repair facilities, family operated stores, etc. These are relatively simple setups for those familiar with OpenBSD and projects from the larger open source community, and the effort would be minimal. These small businesses would be willing to pay a reasonable price for the service, since they would save greatly on software licensing.
All of those methods could be used to bring in a healthy revenue stream for the OpenBSD project. But in the meantime, please get a PayPal account set up!
Unfortunately, they know that the best value they can give to the tools they provide is to make them free. But as long as the tools are free, there will always be those parts of society that do not contribute to the costs of their creation. And, unfortunately, that's not a minority of people. When was the last time YOU gave money to OpenBSD?
This quagmire of people being unable to develop that which should be free will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that critical free software is important to you. Tell them that you appreciate the work being done by the OpenBSD and GNU teams to support you with the software you need in your life but that if cheapskates keep refusing to contribute to the projects, ensuring people like Theo are not forced to hold down proper jobs, you will be forced to use less and less secure and intelligently designed alternatives. Explain the concerns you have about freedom, openness, and choice, and how a lack of money for Free Software harms all three. Let them know that this is an issue that affects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on funding Free Software.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Remember, it was thanks to ordinary people like YOU that we are now seeing such innovations as SMP in OpenBSD. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
KMSMA (WWBD?)
OK, I apologize in advance because I already know this is going to piss some people off, but why don't they try going all GPL? That would make it so that proprietary development couldn't fork off the code base and so would probably make the project leads a center point for support, services, and custom jobs. Lots of other people like Red Hat are making money this way, I don't see why the OpenBSD team couldn't do it too. The fact that the free software movement is exploding in cash while OpenBSD is suffering - shouldn't that be telling us something?
Linus Torvalds and Bill Gates briefly saw Theo de Raadt in the Gents' toilets at an important computer show; Theo left the trough and walked away without washing his hands. A bit later, they saw him again and decided to take him to task over his indiscretion.
"At Microsoft, we always wash our hands when we've been to the toilet!" said Bill, smugly.
"I'm sure all the Linux developers wash and dry their hands when they've been to the toilet!" said Linus, determined to outdo Bill.
"Fuck off, the pair of you," said Theo, "OpenBSD people don't piss on their fingers!"
Je fume. Tu fumes. Nous fûmes!
Isn't SCO using the OpenSSH code? Maybe they could kick in a few dollars to help maintain it... after all, won't they be getting several billion from IBM any day real soon now?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
And yet, here you are on Slashdot. How does that work?
OpenBSD is a vital project that is led by an amateur. OpenBSD had a sugardaddy in DARPA, but apparently offended them with negative comments. My question, who does he think will be most interested in his super secure OS?
an ill wind that blows no good
What you said may sound troll-ish to some, but it just goes to show how little support there is for open source projects - especially money wise. Everyone here seems to think everything should be F/OSS, and that you should live off support contracts and such. But in reality, 99.9% of the time, it just doesn't work out (and I don't know many coders who want to make a living off answering the phone instead of coding).
There are some great and very useful OSS projects, but I don't make a living that way. My money comes off closed source/proprietary software - on the hugely popular closed platform. It's already hard enough making a living this way, I can't imagine how "easier" it would be if I gave the app away with the source code and let people fork it. I have enough money now to retire at 30, put my kids thru university, etc. Had I gone the open source way, I don't think this would be true.
It's just like websites and newspapers lately. Besides some advertising (that we block in any way we can like using AdBlock), there just isn't much of a revenue stream. Nobody's really figured it out yet... Yet there are so many bright folks who've been scratching their heads for a while. This could be the 2nd "dotcom" crash - money has to come from somewhere to fund all this.
The Dead Collector: Bring out yer dead.
[a man puts a body on the cart]
Man: Here's one.
The Dead Collector: That'll be ninepence.
OpenBSD: I'm not dead.
The Dead Collector: What?
Man: Nothing. There's your ninepence.
OpenBSD: I'm not dead.
The Dead Collector: 'Ere, he says he's not dead.
Man: Yes he is.
OpenBSD: I'm not.
The Dead Collector: He isn't.
Man: Well, he will be soon, he's very ill.
Just joking, here's to hoping OpenBSD gets better (financing) soon. (and you can change "Linux Zealot" to "Man" if you're so inclined...)
http://openbsd.org/donations.html - quite painless.
"It would be wonderful if these entities could share some of the wealth to keep us going."
Wow, that's a weak response. It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money. And it makes F/OSS groups look like the business-challenged hippies that some people think they are.
If you are going to have an OpenBSD organization, then that means that part of your job is raising funds to keep yourself a going concern. Let me repeat: your job is no longer just to write code, but to bring cash in the door so that you can continue to get paid. If you are building products that world + dog are using, then that should be pretty easy. If you are not capable of raising funds, then you need to find someone who is good at it to help you out. There are plenty of those people out there - any semi-competent second-year marketing student should be able to significantly increase their funding channels over what they have now.
I'm sorry but I just don't think you can say, "hey, other open source organizations have done a good job working with the public and the press, and they raised funding, so why can't we have it?" It just hacks me off when programmers complain about the business-types at an organization, then discover it's actually harder than they think. And in this case they have taken the additional step of not trying to remedy the problem, but actually glomming off other groups that have done great work with fundraising and marketing their products.
I have supported OpenBSD myself in the past by buying install discs and T-shirts. I think OpenBSD is a fantastic OS and I will contribute my few bucks here and there to keep them going. But if OpenBSD's answer to their money problems is not to fix their own house but rather to ask others to fork over - it probably means they'll just get in this same hole again later! I think they need to have a better answer to this question if my support (or anyone else's) isn't just going to be money down the drain.
"95% of all Slashdot
After my Linux box got hacked for the 3rd time, I switched to OpenBSD. Here's about how it went.
(1) Go to web site, pay for CDs
(2) Wait 2 weeks
(3) Wait 3 more weeks
(4) Contact webmaster, ask what's going on, receive no response
(5) Wait another month
(6) Try again to contact somebody at OpenBSD, receive no response
(7) Wait two more months, give up on trying to contact anybody, write off OpenBSD as a bust
(8) CDs arrive in mail almost 4 months after I ordered them in cracked, broken jewel cases with one CD scratched beyond the ability of my drive to read it. Luckily it was the source CD and I didn't need it.
(9) Write to OpenBSD people to say I got my CDs but the quality was god-awful, the delay was ridiculous, and one of them was busted. Receive no response.
Regardless, my OpenBSD box is going on 3 years hack-free with minimal effort on my part to keep it that way. Regardless, I'm unlikely to go through OpenBSD again. When I order a product, waiting over a quarter of the year is unreasonable, and it could at least arrive NOT broken and all screwed up. And they could at least acknowledge that they receive my email, even if only to tell me to piss off.
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
No one's made this observation yet, so I figure I should: the flip side to OpenBSD not having enough money to maintain operations means that the software they make, especially OpenSSH, is in danger of being no longer supported. Yes, yes, I know, it's free software, so someone else can pick up the pieces after Theo is forced to take his toys and go home. But the reality is that no business in the world should trust software whose creator is about to implode.
What happens in six months when OpenSSH is no longer actively supported by the team that created it and a new exploit is discovered/released? What responsible IT manager is going to let his employer get into the potential problem in the first place?
I say, rather than begging for donations, the OpenBSD team needs to get their act together and find a way to keep the lights on, or they're going to see fewer and fewer people trusting the use of their software in large corporate environments. If that means the leader of the team needs to keep his mouth shut about his anti-war views when he's depending on a grant from the US Defense Department to keep his operation going, then that's what he needs to do. Being an adult means doing things you don't necessarily want to do, like eating your peas and broccoli.
God invented whiskey so the Irish would not rule the world.
"Don't give money to beggars." But I've got a few granola bars and juice drinks I would be willing to donate.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
It's funny how arrogance and bitterness go so frequently hand-in-hand.
Theo goes around (as seen in these pages) lambasting Linux for basically being popular and successful, and then laments how his "far superior" OS is not as highly regarded. (Compare this to the utterly humble Linus Torvalds.) Now there is the implied threat that if others (read: Linux companies) don't cough up the dough, he's going to yank OpenSSH away from us. He seems like quite a bitter man...
I don't think I'd describe Theo as particularly arrogant. When I've seen or read interviews with him (there was a particularly good one in the Sydney Morning Herald a while back that Google can probably help you find), he's seemed like a reasonable and rational individual. He occasionally flames people on the developer mailing list, but I don't really see how that affects you as a user.
I am TheRaven on Soylent News
OpenBSD needs an annual donation drive the way that Wikipedia has one.
OpenBSD needs to open up its OS distribution so that people can download and bit torrent OpenBSD ISO disks. OpenBSD needs to be a little easier to install. By taking these steps more people will find out about the project and use it and it will be easier for them to install.
For example, I know someone who switched from OpenBSD to FreeBSD simply due to the ease of installing FreeBSD.
Theo, open up OpenBSD distribution and get with it, have a donation drive: 100k per year sounds like a good goal. But if the software is hard to get then people simply won't use it.
Really, think about what a resource the openbsd.org site is, if they had those tacky Google ads it would receive a ton of pageviews, and clickthroughs likely since it'll tailor its ads to BSD/Open Source stuff. Might go against the whole philosophy of the project, which I completely respect, but if it saves said project, it may be a required trade off. With the proliferation of broadband expect to see things like CD sales to continue to dwindle.
fak3r.com
OpenSSH is already BSD licensed. The BSD license is 100% GPL compatible. Perhaps you are thinking of OpenSSL, which uses an old Apache license which is not GPL compatible.
I am TheRaven on Soylent News
Locating its center of gravity in Canada is something of which OpenBSD takes great pride. This is not unreasonable in light of the adverse legal environment and export limitations that security research faces in the US.
Speaking of money, charitable donations, the US is probably the best place to try to sell your cause. I believe that part of the work on OpenBSD could be supported by a non-profit organization registered in the US. Foundations permit donors to deduct the amount of the grant from their taxes, a benefit which, presently, OpenBSD denies to its benefactors.
Oh you mean like how we developed a crap load of software with kylix only to be left standing with our dicks in our hand right now because they decided to end of life it? ... go spout your drivel elsewhere.. BSD could go tits up tomorrow and will it make a difference? nope the software and the code still exist.
Got Code?
donate $45 and do an ftp install. the project gets much more $$ that way
vodka, straight up, thank you!
Our webserver, DNS servers, logging boxes, DHCP, wireless DMZ, etc, all exist here thanks to OpenBSD (and we support them). And that's off the top of my head.
Trolling is a art,
...is that there is no corporate entity at all. You make checks out to "Theo de Raadt", which *isn't* going to happen from any really large company with deep pockets. There is zero traceability and zero accountability.
When the U.S. DoD was funding them, the disbursements were handled thru a University or some such.
They need to grow up as an organization. Find a sympathetic accountant to donate his time/effort to establish a tax-free (and tax deductible) non-profit in Canada and an arm in the U.S. Hell, maybe one in the EU and one down under as well.
This will make them infinitely more appealing to corporations who have deep pockets and MAJOR qualms about writing big checks out to individuals.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Keeping in mind that I believe that his work and the OpenBSD project are important, a few words of advice. As someone who works at a very large non-profit let me say this, doing a good job isn't enough. You have to work just like any other business to stay afloat. And that means constantly dedicating time to fundraise and not acting as a "one-man-show". Perhaps he needs to hand off the reins to someone else and let them manage the project and fundraising. He apparently and not surprisingly is unable to handle both coding and fundraising. Most people can't so that isn't a knock on him.
Anyway I wish him luck and hope he gets organized. He really needs to establish a real non-profit and get someone with real fundraising experience working for him. Without that I'm surprised it lasted this long. IMHO giving him a few donations in order to keep the project running without him deciding to make major organizational changes is just delaying the inevitable. I sincerely wish him the best of luck.
If you wanna get rich, you know that payback is a bitch
you are wrong
what openbsd needs, and what the article is highlighting, are the big companies who use openssh to kick in a few bucks
cisco uses it in their kit. so does hp. ibm is another. do you think that between the three, they can't come up with say, $75k/year?
~a year ago, a friend of mine consulted at a company that was reworking their entire network. they ended up spending well over $30k on kit. they chose cisco *because* they had ssh (openssh btw) on their kit at the time. the other vendors they had did not
vodka, straight up, thank you!
Ya know what would be nice? Making it easy for businesses AND individuals to contribute. If they don't want to be a business, fine, get the 501(c)3 status in the US and let people make tax deductible donations. Writing a check to Theo's personal account doesn't get considered as part of my charitable giving. I also buy a few CDs with each release or two, whenever I'm ready to do another OpenBSD project...
And guess what, the project makes me feel like a sucker... because usually whoever is shipping CDs is out of town, and they don't go out for 2-3 weeks, meanwhile, people have been downloading for free and I'm waiting for my CDs...
You want businesses to pay more that use it? How about selling a business "OpenBSD license" that provides us X copies for some price on a per-server (or per-CPU license) under the BSD. Is it a joke, sure, because given 1 personal copy, I have a license to use it however I want. But if you sell me 5 $299 licenses, I can write it off as $1500 in software purchases. Alternatively, I could donate $1500, but then I can't write it off... This is rough on me as a small business owner, for no reason. A receipt for the purchase would help...
However, asking for non-tax deductible donations is a non-starter. If I was an IT grunt in the field, knowing that I could buy a CD for the $20 or $30 and use it without effort (or download), but if I want to contribute, I could generate an online invoice and bring it to A/P.
In that case, the geeks LOVE that they start the project immediately, and maybe the "invoice" gets paid, and maybe it doesn't. There is no loser in this scenario, but it would require the OpenBSD project to understand the people that they want money from and find a way to make it easy on us to give it to them.
Alex
If eighty cents of every dollar I spend supporting OpenSSH gets flushed down the OpenBSD toilet, is that a good use of my contribution?
The cluelessness of this post defies belief.
I want to support this OpenFoil airplane wing because it supports me. However, if eighty cents of every dollar I spend supporting OpenFoil is vented through the OpenBlow high-test wind tunnel, is that a good use of my contributions?
NX protection, Pro-police, and priv-sep are all products of the two efforts coordinated together. Almost every dime OpenBSD spends is spent in the pursuit of enhancing security, and it's to imagine that those results are not immediately folded back into OpenSSH. Unlike FreeBSD, OpenBSD spends shockingly little on the OS itself. They aren't busy inventing disk geometry managers or porting to 150 different platforms.
90% of human stupidity originates in the capacity of the human mind to engage in intellectual shell games. Here is this dollar: let's split it up in to the 80 cents wasted on OpenBSD and the 20 cents invested in OpenSSH.
Or, my brother is dying of Leukemia. I want to donate blood because blood keeps him alive. Is that a good investment if 80% of the blood I donate is flushed down the toilet to replace blood lost during bone marrow transplants?
Almost too dumb to live, really.
why doesn't the gov't of Canada support it with monies and in return get good software for their computer systems throughout the government network? What about the universities such as the university in Calgary? Perhaps set up some sort of network security program and use openBSD as the model and provide some support? Just throwing out some ideas.
http://www.openbsd.org/donations.html
Once again, with feeling:
http://www.openbsd.org/donations.html
I already donated today. Cheque, credit card (my preferred method), and Paypal are all easily listed. I guess having the donations link on the main page (just below project goals) was not obvious enough.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I don't run the OpenBSD OS, but based on this report, I donated. Since I do use OpenSSL and OpenSSH all the time and want to keep them under active development and if everyone that uses these important open source tools for network security kicks in some bucks, we can keep this good thing going.
Do you have any idea what you're talking about?
First, there's a good amount of production servers running OpenBSD. I happen to be the developer of an OpenBSD-based firewall, and the things are running rock solid. The only failures we've had in 5 years are hardware-related. One of the firewalls sits in front of our developer network and has by far the best uptime of anything in the company, including several so-called high-availability systems.
More importantly, only a fraction of the OpenBSD development efforts have moved into other systems, and then often incomplete or much later. I don't wanna start a W^X vs. other methods discussion here, but if you've ever seen a presentation where Theo or one of the other core dudes explained just what is really new under the hood in the latest release, you'd be quite surprised. There's a lot of actual research and development going on in OpenBSD.
Assorted stuff I do sometimes: Lemuria.org
Right here: ftp://ftp5.usa.openbsd.org/pub/OpenBSD/3.8/i386/floppy38.fs
ftp://ftp5.usa.openbsd.org/pub/OpenBSD/3.8/i386/floppyB38.fs
ftp://ftp5.usa.openbsd.org/pub/OpenBSD/3.8/i386/floppyC38.fs
The first will work in most cases, the B and C version include rarer drivers than the first one.
Did you bother looking? At all?
The meme police, They live inside of my head
Oh, you mean the required library that makes OpenSSH actually do anything useful, like anything to do with cryptography. Sorry, my bad. I wasn't aware that they weren't maintained by the same people. I've just always assumed OpenSSH itself was the problem (and for the anonymous coward, the OpenSSH page completely ignores this and only the OpenSSL page mentions it). I know debian-legal has had issues with it, apparently because OpenSSL taints OpenSSH and makes them incompatible with the GPL. So what I wanted still stands, I just realized Theo can't do a damn thing about it. Too bad.
Live today, because you never know what tomorrow brings