Theo de Raadt Discusses OpenBSD and Beyond
emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.
...that some feel are taking advantage of the free software without giving anything back.
Damn. I wonder if there was anything they could have done about that?
Religion for nerds. Stuff that really matters
Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products.
What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
For our work on OpenSSH, companies using OpenSSH have never given us a cent. What about companies that incorporate OpenSSH directly into their products, saving themselves millions of dollars?
No, they haven't been saving themselves "millions of dollars". If OpenSSH didn't exist, people would implement some other free ssh client or switch to a different standard.
If you release something under a FOSS license, figure out your business model beforehand. Of course, Theo actually did: his work on BSD has given him plenty of exposure and celebrity status, which many would consider ample reward for his work, and something he wouldn't have gotten if he had founded a small software company instead. And I'm sure he could (or could have) translated this into consulting opportunities and other business, without even changing the license on anything. But, like many celebrities, it's just never enough.
This is a perfect example of the problem with BSD licencing. Under the various BSD licences, it's perfectly OK to take a piece of code and sell it, either modified or exactly as found, without in any way recognising or contributing to the project. Run "strings c:\windows\system32\ftp.exe" on a WinXP box and you'll see a perfect example of uncredited work. At least under the GPL if someone sells an unmodified program, the project will get recognition (since it will have to remain open source, and thus the origin of the code will be obvious), and if they sell a modified version the project will get the source for the modifications back. Neither directly equates to funding, but publicity and a better code base both help to attract financial support. Both arrangements depend somewhat on the cooperation and altruism of the entity using the code for a profit, but the GPL isn't quite so hopelessly naive.
I was recently asked in a job interview "If Theo de Raadt and Dan Bernstein were locked in a room with knives, who would you want to come out alive?"
;P
(and my interviewer is probably reading this, in which case, "Hi there!")
I said I wanted Dan Bernstein to come out alive, because I actually use his stuff in production as opposed to OpenBSD... but after thinking about it for a while I realised that OpenSSH is perhaps more important than Dan Bernstein's stuff. I mean, Dan never updates qmail and any of his tools... Theo may as well bump him off for all I care.
No. It would be extortion if he were threatening to put security holes in SunSSH. He's just saying that without Sun's support, he can't be expected to analyze and warn them of bugs in their product. Or are you saying I have a legal requirement to disclose every bug I notice in every piece of software I use to the developer?
====
Crudely Drawn Games
An OpenBSD CD set is $49. If you've ever used OpenSSH or x.org X11 (read the article), you've already got your money's worth. In addition, chances are that somewhere in your organization (or at your house?!?) there's an OpenBSD-based firewall happily chugging away with PF and CARP.
So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.
And remember kids: Never trust a computer you can actually lift.
What's so difficult to understand for those GPL zealots out there?
Theo is NOT talking about code. He couldn't care less about the code!
He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and others') income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!
I have thought along similar lines, but it really demonstrates something that we must quit ignoring.
"Free" is an illusion.
When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.
Money is green stuff that you throw around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.
Time is the true currency, although too much time can go fetid as well.
The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not talking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.
With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but most people are still confused and think he is an idealist.
With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.
Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product is sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.
People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.
Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.
OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.
Regardless of what work the OpenBSD team does or doesn't do, Theo de Raadt is the one who will be receiving, and managing, the money. Theo de Raadt, as the public face of OpenBSD, is the only sign we have of why this money is needed and what will be done with it. Thus it is quite reasonable, if the person serving as the public face and cash collector for this funding drive is publicly handling the drive in such a way that he seems to be making unreasonable demands or unreasonable threats, for this to reflect badly on the funding drive itself.
It is as simple as this: OpenBSD is not asking for everyone to just get along with them and not pick on them. If they were, they would be meeting with a much better response. They are asking for money. People tend to have somewhat higher standards of someone who approaches them asking for money than they do the rest of the time, especially when that person is mostly asking for that money to fund a product that most of us don't want or use. The OpenBSD project can't continue to support SSH development on their own? Well, honestly my first response is "well, then let's find someone who can". It has not been at all made clear to me why OpenSSH development is not a task which can be continued by someone else, nor why OpenBSD development must necessarily be tied to OpenSSH development.
Your bizarre comparison to high school social dynamics is a complete non sequitur and I think says more about your mindset regarding the situation than it says about the actual situation itself.
Yes it is, as a part of a very long list of good advice he received over the years on a lot of things, and all of which he proceeded to sneer and snicker on, as only Theo can. DARPA's help is just one item on that very, very long list.
Oh, really? You mean it does not depend on what the purpose of the project is?
In general under open source the money is in consulting, not in the development.
Oh I see, making money for Theo was the whole idea of OpenBSD? NOW you tell us!
A BSD based project is more likely to get inside a corporation and possibly more likely to create consulting work.
Which is a good thing if you are planning to make people appropriate, modify and sell your code while not letting you look at it ever again, in hopes that somehow your celebrity status will make some of them hire you.
Whether a project is BSD or GPL, if someone doesn't want to code themselves, they can hire others to do the work.
True enough, that is why BSD offers no advantage over GPL in this area.
The only difference is whether that work goes back to the community at large and for the company that needed specialized changes that is irrelevant and it may even be counterproductive to the company.
Which, in most cases, as Theo is finding the hard way, is the only type of return expected from commercial involvement in your project. Hoping to get hired by someone using your code is wishful thinking in vast majority of cases. GPL folks understand that, and operate accordingly.
The GPL is not some magic pill. We've seen numerous GPL based projects in financial trouble and begging for donations around here as well.
Of course it is not. But it was never its purpose. The purpose of GPL is to ensure that regardless of who is using or contributing to the code, and regardless of financial circumstances of a project, the code remains the property of the community and cannot be stolen and then sold back to us. That is all.
I know that Theo spouting off does him no good with the corporate world. Has he ever thought of getting someone else on his team to do the PR stuff?
Theo is a brilliant engineer, but he has no tact and (seemingly) no restraint. If he allows a more diplomatic member of his team to act as a buffer and sounding board in relations with the press and sponsors, he might avoid burning some bridges in the future.
I'm not saying OpenBSD needs a change in direction, policy, or anything like that. I just think that Theo needs to find a way to stop kicking people in the balls any time he has a knee-jerk reaction.
like why glibc won't have strl*()-functions which may improve security:
http://lists.debian.org/debian-devel/2002/03/msg00309.html
It's not like the whole linux world would fall apart if there was some more
string functions which would not go ape on weird inputs.
I know strl*() isn't a magic bullet to prevent all kinds of badness, but they
really can't be worse than the same functions without bounds checking.
Still, better to bash some BSD...
-- I'm as unique as everyone else.
Our company would be more inclined to donate if we knew that the money we gave would go directly to support OpenSSH. We have no interest in supporting OpenBSD. Fork OpenSSH into its own project with separate financing and management, and we'll send you some money.
> For a business that uses OpenBSD code, it would just make good business sense to
> support the project at a fraction of what it would cost to develop the same code
> in-house.
I disagree. If the company pays the OpenBSD team, the code gets written, but if it does not pay, the code still gets written. As long as the OpenBSD team is writing code without requiring payment, it makes far more sense for the company to not pay. After all, what's the point? Only in the free software world is there that "giving back" mentality. In the business world, nobody pays for what they already get free.
Now, if OpenBSD team stopped development due to financial difficulties, would it make sense for a business to pay them to resume? Perhaps. But a typical manager would make a different choice; he would hire in-house programmers to fork the project and continue development without sharing the source. A good manager does not give away what he dearly paid for.
> It is ridiculous that Sun wouldn't even cover the travel expenses
> of an OpenBSD developer to go their conference
Why would Sun want to go out of their way to have a competitor come to their conference?
"according to Stallman, if I'm a hairdresser or a butcher I can sell my services, if I'm a programmer I must be a hippie for the good of mankind and sell T-shirts."
Outstanding bullshit. It is *exactly* the opposite!!!
According to Stallman, if I'm a hairdresser or a butcher, I can sell my services, if I'm a programmer I can sell my services too!
The question is that since the hairdresser won't ask you for money each time somebody see your hair, or a butcher will ask you for money when you buy the meat, but he won't ask for more money if you use it to invite your friends (multiuser license), or if you resell it, the programmer should ask for money against their services (coding) but shouldn't add any kind of extortion about further usage of what you coded, just the same the hairdresser or the butcher won't ask for more than the fair value of their services (cutting hair or selling meat).
A careful reader of the interviews that come up with Theo occasionally will note that he's pretty good about endorsing the companies who actually support the project. Just in that short interview he mentioned a couple of wifi chipmakers who actually share information. The expectation is that the open-source concerned reader will support those companies in favor of the ones which are mentioned who do not share information.
Past experience suggests that the average Linux kiddie is more likely to take the binary driver and run, particularly if there's game playing to be done. But it seems Theo's doing a reasonable job of supporting the supportive vendors.
Now before I get modded down, I beg to remind whoever might read this that what I am saying is FACT. - bogaboga
Jerry A. Taylor
City Manager
Tuttle, OK
Dear Jerry,
you like secure operating systems. So does Theo de Raadt: he loves them!
Please contact Theo directly at *deraadt@cvs.openbsd.org*
Be firm: Theo will help you, but only if you make it clear that you expect help, and you want it now. (I think that when you contacted CentOS's team, you were sort of beating around the bush. That won't work with the OpenBSD team. Be direct!)
Theo will respect your 22 years of IT experience. And, I think he will be impressed that you worked at Raytheon--wow!
No need to call the FBI to get a response from Theo and his boyz. Enjoy!
--A concerned citizen
Actually, no, he's not claiming that the world owes him something. He's claiming that his act of creation and contribution does not cause him (well, specifically, the OpenSSH developers) to owe anything further to the people who take advantage of their contribution.
That is an entirely different issue.
"From the beginning of history, the two antagonists have stood face to face: the creator and the second-hander. When the first creator invented the wheel, the first second-hander responded. He invented altruism.
"The creator - denied, opposed, persecuted, exploited - went on, moved forward and carried all humanity along on his energy. The second-hander contributed nothing to the process except the impediments. The contest has another name: the individual against the collective." - Howard Roark in The Fountainhead by Ayn Rand.
Since it's obvious that many here haven't actually read what they're flaming about, here's the last question of that interview:
Sounds completely reasonable -- just calling a spade a spade and not trying to sugar coat anything.
Unlimited growth == Cancer.
*that* is called a binary blob driver. It means if you're willing to give control of what kernel you run to this company then you can use their driver. Essentially this boils down to them controlling your whole machine and is why Linus refuses binary drivers. ("No, you can't use this new kernel feature", "no, you can't debug this crash", "sorry, we're out of business, you can't upgrade your kernel ever again") There's nothing to praise about that.
Malloc
___________________ I want to be free()!
If you disagree with his point, how about stating why you think it's wrong rather than just bitching about 'classic theo'.