Theo de Raadt Discusses OpenBSD and Beyond
emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.
http://www.openbsd.org/ might even be a better source yet.
Because BSD is an Operating System, and GNU/Linux is an operating system... try reading that article again.
How Unix like is it actually?
Well, it traces back to BSD, unlike Linux, which was a kernel written to go with GNU, which in turn is written from scratch. While the free BSDs have changed a bit since they forked in the early nineties, they still are descendants of UNIX, and are much more close than GNU is, for better or for worse. (NetBSD is probably the closest of Free,Net,Open,&c.)
Finally, for real, today's topic is: BSD is dying
All other posts are off-topic. Enjoy!
...that some feel are taking advantage of the free software without giving anything back.
Damn. I wonder if there was anything they could have done about that?
Religion for nerds. Stuff that really matters
Nvidia did not give anyone documentation. Instead, they expect people to load a gigantic blob of binary code into their kernel, and just be happy with that. Some Linux people in Germany reverse-engineered the driver years ago, but the rough story I heard is that Nvidia asked them to stop, and they did. This just astounds me!
Gee, I don't know, maybe they had lives they didn't want to sacrifice for the cause, Theo. He then goes on to slag linux developers in general but maintains that he doesn't really go into advocacy.
How we know is more important than what we know.
"I will say it here -- if an OpenSSH hole is found that applies to SunSSH, Sun will not be informed. Or maybe that has happened already." - Theo de Raadt
I'm sure they'll find out when everyone else does.
Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products.
What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
For our work on OpenSSH, companies using OpenSSH have never given us a cent. What about companies that incorporate OpenSSH directly into their products, saving themselves millions of dollars?
No, they haven't been saving themselves "millions of dollars". If OpenSSH didn't exist, people would implement some other free ssh client or switch to a different standard.
If you release something under a FOSS license, figure out your business model beforehand. Of course, Theo actually did: his work on BSD has given him plenty of exposure and celebrity status, which many would consider ample reward for his work, and something he wouldn't have gotten if he had founded a small software company instead. And I'm sure he could (or could have) translated this into consulting opportunities and other business, without even changing the license on anything. But, like many celebrities, it's just never enough.
Wow, is Jem ever whiney...
http://outcampaign.org/
Is it just me, or does anyone else always feel the urge to pronounce "Theo de Raadt" as "Theo da Rat" with a mafia godfather style accent?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
This is a perfect example of the problem with BSD licencing. Under the various BSD licences, it's perfectly OK to take a piece of code and sell it, either modified or exactly as found, without in any way recognising or contributing to the project. Run "strings c:\windows\system32\ftp.exe" on a WinXP box and you'll see a perfect example of uncredited work. At least under the GPL if someone sells an unmodified program, the project will get recognition (since it will have to remain open source, and thus the origin of the code will be obvious), and if they sell a modified version the project will get the source for the modifications back. Neither directly equates to funding, but publicity and a better code base both help to attract financial support. Both arrangements depend somewhat on the cooperation and altruism of the entity using the code for a profit, but the GPL isn't quite so hopelessly naive.
Where to start?...
BSD is an operating system. It consists of a kernel (like linux), a userland (like GNU), and a bunch of applications which are largely source-compatible with Linux.
The BSDs share the fundamental gcc/gas/ld toolchain with GNU, but pretty much everything else (particularly the C library and make) they have their own version of. It is *possible* to run the BSD system on Linux (though not very easy), and actually very easy to run the entire GNU system on BSD. But they are different projects.
OpenBSD was the result of a squabble between Theo and the NetBSD team. This was a felicitous squabble for the rest of us, because OpenBSD is a great operating system.
All's true that is mistrusted
Religion for nerds. Stuff that really matters
I bought the T-shirt; does that count?
"Can anyone tell me why BSD with its enhanced security isn't incorporated into most Linux distros?"
It's not a simple matter of importing code, to duplicate the changes in the Linux kernel and the GNU toolset would be prohibitively difficult. Also, much of the improved security comes at the expense of performance or functionality.
I rarely criticize things I don't care about.
I was recently asked in a job interview "If Theo de Raadt and Dan Bernstein were locked in a room with knives, who would you want to come out alive?"
;P
(and my interviewer is probably reading this, in which case, "Hi there!")
I said I wanted Dan Bernstein to come out alive, because I actually use his stuff in production as opposed to OpenBSD... but after thinking about it for a while I realised that OpenSSH is perhaps more important than Dan Bernstein's stuff. I mean, Dan never updates qmail and any of his tools... Theo may as well bump him off for all I care.
If you're a Linux user and you like your madwifi driver, you can thank the OBSD ath driver. Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it. Anonymous CVS? Theo came up with it after NetBSD kicked him off the commit list. Randomized mmap, stack protection ... there's a lot of development being taken from openbsd. We've all got an interest here.
All's true that is mistrusted
But this guy is an ass. There are plenty of Open Source products that people don't pay for. Does Google pay for Linux and Apache? Does Yahoo pay for FreeBSD, does Apple? Nope. If you don't like it, don't use the license.
Someone would probably give OpenBSD a grant, but Theo has already proven he doesn't know when to shut up and has problems playing with others. Cry me a river.
The more you know, the less you understand.
Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products. What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
No, it's far simpler than that. Apple and SCO *paid for* BSD. BSD was paid for by the taxpayers of California, including corporations like Apple and SCO. Perhaps Theo noticed a "Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved" somewhere in his review of the source code. Perhaps Apple and SCO believe they have contributed more than Theo. Besides cash Apple has also contributed formerly closed source, for example the HFS+ support in Darwin. Self serving, so what, Theo, RMS, and a host of others aren't?
I use OpenBSD and despite Theo's nonsense I support it by buying a CD every year. If Theo wants his pet projects funded he needs to learn to stop pissing off large potential contributors, DARPA for example.
Some companies use open source software and they don't pay for it??!! I for one am shocked.
I've got three letters for you: G-P-L.
Should have believed Stallman...
But given that it's the money they want and not the code, GPL wouldn't help in this instance. Unless of course they dual license it, in which case they simply put a price tag on the freedom and sell out once somebody pays enough.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Especially "or maybe that has happened already". Is the great diplomat Theo de Raadt now resorting to extortion?
OT: Who's running OpenBSD on Dell poweredge servers?
If Apple doesn't already pay for NetBSD (which they use), then why on earth should they be expected to pay for OpenBSD (which they don't use)?
Because if they don't, then Theo de Raadt will shoot this adorable rabbit with "OpenSSH" written on it? Meh.
I mean, I'm sure that the loss of OpenBSD would be a sad thing for the open source community, but this entire fundraising drive just smells like the old Oral Roberts "if I don't raise 8.7 million dollars, God will call me home" thing. It seems rather unbecoming of a pillar of the open source community like OpenBSD to undermine the "the marketplace of ideas created by copylefted code means we can give our product away and still support ourselves" message of open source by floating this "WE CAN'T JUST GIVE OUR PRODUCT AWAY AND STILL SUPPORT OURSELVES!! YOU, GIVE ME MONEY!!" message on top of it.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
It's not that the Foo Corp is using OpenSSH w/o paying Theo or the OpenBSD/OpenSSH crowd. No one (including Theo) has a problem with that.
It's that some companies *cough*Sun*cough* make all kinds of noises about being "open" and "supporting open source" and market the crap out of it purely because it's the latest buzzword, when in reality they just don't give a shit.
That's what gets to Theo... and others.
Theo may be a jerk, but that's not the point here. The OpenBSD team does great work that gets ported to other platforms or just flat out embedded, but no one wants to lend a hand. This interview did not strike me as whiney or greedy; Theo never came across as wanting to get rich, with his grand aspirations of paying travel expenses for poor developers.
His request is very reasonable - everyone is benefitting, and those who are in a position to give a little back should do so. He didn't say fund the project, he said contribute a little. Jeez, anything really.
This whole Slashdot anti-Theo movement is lame, it's like watching jocks push the nerdy quiet kid around in high school, which is a bit ironic considering that many of us *were* those nerdy quiet kids. Stop trying to be part of the "in" crowd by bashing this guy and read the article with an objective eye.
A while back -- pre-SCO -- OpenBSD did a "license audit". I don't have the list in front of me but a sizable number of reasonably well-known open source projects had questionable licences. Theo really did ask nicely and got most of them changed.
TCP Wrappers IIRC was one of them, pppd another (again IIRC).
Like Theo or hate him, he's done more for the Open Source community than just piss people off.
An OpenBSD CD set is $49. If you've ever used OpenSSH or x.org X11 (read the article), you've already got your money's worth. In addition, chances are that somewhere in your organization (or at your house?!?) there's an OpenBSD-based firewall happily chugging away with PF and CARP.
So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.
And remember kids: Never trust a computer you can actually lift.
What's so difficult to understand for those GPL zealots out there?
Theo is NOT talking about code. He couldn't care less about the code!
He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and others') income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!
If OpenBSD find a bug in OpenSSH they will surely post a notice and release a fix. I don't see how they can keep the information from sun.
I understand that Theo is still Theo, and that they should get some help from Sun, but I don't think his approach is very realistic.
http://michaelsmith.id.au
> tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back
Since when do people who use OpenBSD without giving anything back have to get some tension from the developers? It sounds like now it's a payware. I'm not against a payware, just that if you have to give tension to people without giving code or money back, then really, make it payware or respect the BSD license.
I for one thank all the great work done on OpenBSD project, but if they need money, they should establish some way of making money than just gazing at the people who use by the license and expect something in return as that's the rule.
I mean, world isn't that easy to get money by waiting and expecting people to pay. OpenBSD is not something special. To make money, you do something about it.
This approach seems to work for MySQL.
http://michaelsmith.id.au
I say onto Theo: Tough Cookies! You made your bed, you sleep in it!
BSD vs GPL is not relevant. Theo's bed was made by driving away potential sources of income like DARPA.
I have thought along similar lines, but it really demonstrates something that we must quit ignoring.
"Free" is an illusion.
When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.
Money is green stuff that you throw around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.
Time is the true currency, although too much time can go fetid as well.
The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not talking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.
With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but most people are still confused and think he is an idealist.
With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.
Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product are sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.
People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.
Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.
Both NetBSD and OpenBSD are great platforms and each have their benefits. Perhaps it is time for OpenBSD to join into NetBSD.
I realized that people said and did bad things in the past, but come on, let by-gones be by-gones. We are all adults and time heals old wounds.
There must be a way to convince the OpenBSD and NetBSD core developers to work together.
Maybe I am just a wishful thinker.
OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.
Regardless of what work the OpenBSD team does or doesn't do, Theo de Raadt is the one who will be receiving, and managing, the money. Theo de Raadt, as the public face of OpenBSD, is the only sign we have of why this money is needed and what will be done with it. Thus it is quite reasonable, if the person serving as the public face and cash collector for this funding drive is publicly handling the drive in such a way that he seems to be making unreasonable demands or unreasonable threats, for this to reflect badly on the funding drive itself.
It is as simple as this: OpenBSD is not asking for everyone to just get along with them and not pick on them. If they were, they would be meeting with a much better response. They are asking for money. People tend to have somewhat higher standards of someone who approaches them asking for money than they do the rest of the time, especially when that person is mostly asking for that money to fund a product that most of us don't want or use. The OpenBSD project can't continue to support SSH development on their own? Well, honestly my first response is "well, then let's find someone who can". It has not been at all made clear to me why OpenSSH development is not a task which can be continued by someone else, nor why OpenBSD development must necessarily be tied to OpenSSH development.
Your bizarre comparison to high school social dynamics is a complete non sequitur and I think says more about your mindset regarding the situation than it says about the actual situation itself.
GPL based distributions have to beg too. I have rough recollections of several such requests appearing on slashdot in recent memory, I don't recall the details but a quick google finds:
http://geek.com/news/geeknews/2003Jan/osg20030116018188.htm
"The first public signs of financial trouble at MandrakeSoft appeared in March 2002 when Mandrake began asking users for donations and changed their support structure to get a new revenue stream."
Theo's bed was made by driving away potential sources of income like DARPA, not his choice of BSD over GPL.
google pays for linux and apache.
Sun bought and open sourced both StarOffice and Netbeans, they've open sourced Solaris and the UltraSPARC processor core.
I'm sure there are plenty other projects, but Sun have donated what must amount to many millions of dollars of code to the community.
Sure they use other open source projects (in line with their licenses) and while they presumably aren't throwing money at Theo it seems unfair to brand them as anti-opensource when they've done a lot of good.
(from the OpenSSH History page)
I have to wonder how long it will be before the commercial SSH folks are talking to apple and sun and so on about really cheap bulk licenses.
In any case: development and maintenance costs don't magically stop when there is no tax-funding of the project. If people want it to survive, they do need to continue sponsoring it.
Theo forked a BSD licensed project to create OpenBSD. If he wanted money, then he should have forked into a proprietary license. He forked and kept the BSD license. Since this was a choice, I assume it was made with some forethought. After all, just try to suggest that Theo has made a mistake and he will argue you to death that he knew what he was doing...
So, OpenBSD and OpenSSH are BSD licensed by choice. That means that NOBODY needs to give them money if they use the source code. The BSD license spells this out, in less than a page of text, so it is hard to say this was buried in the small type...
Theo IS OpenBSD/SSH, and THAT is the real problem. Theo pisses people off, and alienates corporations that would donate to an OpenBSD/SSH project. He needs to incorporate OpenBSD/SSH and give himself a little abstraction from the process if he wants someone else to help with the bills. Until then there is no 'corporate veil' between Theo and OpenBSD/SSH, and that in itself is hurting the 'movement'.
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
It's just you.
"Our interests are to see if we can't scale it up to something more exciting," he said.
BSD licencing would be more appropriate for government or university funded programmes where the funding issue is resolved and the benefits of the developers' work go directly to the public, whether commercial or otherwise.
I'm not a developer, but I sort of understand the BSD world.
OpenBSD - led by Theo (who apparently has a lot of enemies) is a BSD based distribution with the core focus being security
FreeBSD - A BSD distribution based on making it really fast
NetBSD - A BSD distribution based on optimizing Network Configurations
[Please correct any of that so I personally can understand the flavors of BSD better]
Okay why don't the individuals from all three get together and create AllBSD?
I mean take the best parts and make a speedy secure network optimized distro?
I mean what is the point of open source if it's not about individuals working together to make the optimum software based on peer review? Is this for the glory of one individual distro? That seems to go against the very mindset of opensource. I understand each distro brings something different to the table, but why not have a centralized distro that everyone contributes to AND have your special spinoff version. The main distro could be licensed out (making $) which then the proceeds could be divided equally among the other distros, and they can make extra money hawking shirts/cds, donations etc.
The very instance one individual (distro) thinks it's better than the cause itself is when things began to decay. Linux is different because they don't squabble (SCO doesn't count they aren't human but monsters grown in a M$ petri dish) and each one provides its own niche in the linux market. BSD is its own tiny market, and consequently can't afford that luxury...yet. A unification for the cause of BSD would instantly put BSD as a forefront as a major OS alternative, and definitely has a lot going for it due to OSX showing that an OS derived from BSD can be successful.
Like I said I'm not a developer, but I really believe that a BSD deserves a chance to move away from the individual bickering and crying I see currently going on.
Please feel free to reply and shed some light on this situation so I can better understand.
[I apologize for any grammar/spelling mistakes]
No, he meant felicitous. Read it again. It makes sense.
I know that Theo spouting off does him no good with the corporate world. Has he ever thought of getting someone else on his team to do the PR stuff?
Theo is a brilliant engineer, but he has no tact and (seemingly) no restraint. If he allows a more diplomatic member of his team to act as a buffer and sounding board in relations with the press and sponsors, he might avoid burning some bridges in the future.
I'm not saying OpenBSD needs a change in direction, policy, or anything like that. I just think that Theo needs to find a way to stop kicking people in the balls any time he has a knee-jerk reaction.
> Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it.
I thought RALink supported Linux themselves, otherwise, what's this?
Why would you think that he didn't mean felicitous? His opinion is that OpenBSD is a great operating system; therefore, the event that led to its creation is an event marked by good fortune. So, from his point of view, the squabble was indeed felicitous.
Make love, not sigs
From what I read, this isn't really a licensing complaint. I'm sure de Raadt is fully aware of what happens when one doesn't look out for preserving software freedom for derivative works. His is a complaint about money and the enormous disparity between those who have a lot of money and those who don't; licensing OpenSSH under the GNU GPL wouldn't have gotten the OpenSSH developers the money they seek.
de Raadt noted that "Twice we asked them [Sun] to cover the travel and accommodation costs for a[n OpenSSH] developer to come to their event, and they refused.". That's Sun being greedy and other big businesses (Apple, Cisco, SGI, HP, Siemens, and various commercial GNU/Linux distributors including Red Hat and IBM) not doing anything to lighten the OpenSSH developers' load despite having billions of dollars between them.
It also points out how the marketplace has yet to make right any of this—no doubt Sun can go on treating their unpaid workers at OpenSSH poorly. I hope more people and organizations will recall de Raadt's words when considering doing business with Sun. We have the power to try and shame them into doing something they can each afford, we should use it. Along this line, interesting how individuals have contributed all of the money the OpenSSH team has made from this, despite that amount being under a paltry $1,000.
Digital Citizen
Thanks for the insult =)
Then please explain why so many of the developers of Linux are full-time employees of various companies out there? Much of the infrastructure and meetings and so on is also paid by outstanding corps. I don't think Linux is better than *BSD in any way so I assume it's the GPL license that makes corps more inclined to help Linux development than *BSD.
HTTP/1.1 400
"Pissing off" DARPA by speaking out against the invasion and occupation of Iraq?
And any organization that distributes proprietary software is more self serving than an organization that distributes software I have the right to run, share, and modify.
Digital Citizen
Trust is good but control is better. Theo de Raadt trusting that developers will hand over money out of the good of their hearts for the free work done by the OpenBSD crowd is naive at best and downright stupid at worst. One of the reasons that Apache/PHP/MySQL are so popular is that people don't have to pay for them. That's the way it goes. People/Companies, it doesn't matter. They all will always be looking for a bargain. Even IBM is not supporting Linux because it thinks Linux is so good. It's doing it because there's money to be made.
TdR needs to give companies an INCENTIVE to give him money to develop. Making childish threats is one way, sure, but probably not the most effective. Pointing out to the various companies that there will be no future ssh if OpenBSD goes under would probably help more.
Reading TFA I saw the openssh project got a whopping $1000.00 from individuals, not companies. I believe Linus got more pocket money last month.
Patents Drive Free Software as Hurricanes Drive Construction Industry
If Theo wasn't such a horrible asshole, he would have a much easier time getting grants. I certainly would never give the man a dime, no matter how talented he is. That's the point.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Lazy move on a helpdesker's part. If the OPEN BDSers don't want to work on it, send a form letter or ignore it. Or stew in indignation, whatever.
I really do believe the reason is the GPL license and not that Linux in any way is sexier or better than *BSD. Can you describe in a better way why Linux is so much more popular than *BSD?
As I see it corps and many developers think that if you give something away to *BSD you give your competitors a free lunch they probably won't return. In fact they could just take your code, implement it in an incompatible way in a larger userbase rendering your implementation worthless. GPL prevents that kind of behaviour and doesn't give anyone with a larger userbase the upper hand, like for instance Microsoft. With the GPL they have to reveal the changes. That way you can't take someone else's code and screw the originator from here to mars.
HTTP/1.1 400
It's official, BSD is dead! TdR discusses OpenBSD and the Beyond!
Oh, not *that* Beyond. Never mind.
I'm sorry if I haven't offended anyone
Actually it is less BSD, the bsd license works for Apache (well Apache is not BSD but close enough) really well as does for PostgreSQL.
BSD /is/ Unix, not Unix-like. There's System V and then there's BSD.
BSD doesn't have a special security model, they're just very very conservative. BSD has a lot less code, the pace of change is a LOT slower so the code is mature, and OpenBSD have extensive code reviews. OpenBSD didn't even have SMP support until recently.
Linux puts stress on keeping up with the bleeding edge, lots of features and broader hardware support. Linux does everything from supporting the latest graphics and video cards to supporting dozens of CPUs on enterprise hardware. If you want enhanced security on Linux, go for SELinux or GRSecurity.
I'm sorry if I haven't offended anyone
Why isn't someone already doing a SSH of their own then? Apart from the proof-of-concept-type ssh clients out there (good or bad) there is *nothing* to stop anyone from taking the same ssh1-code and reimplementing all the goodies OpenBSD got in there. Or write a GPL'ed own ssh for the linux crowds. The specs are there, the protocol isn't secret.
It's not like it isn't possible, it's just that building up that kind of trust seems harder than you'd first imagine. These guys have made it, others may not.
-- I'm as unique as everyone else.
Come on guys. Just donate $5. Can you imagine life without openssh? I sure can't.
like why glibc won't have strl*()-functions which may improve security: http://lists.debian.org/debian-devel/2002/03/msg00309.html
It's not like the whole linux world would fall apart if there was some more string functions which would not go ape on weird inputs. I know strl*() isn't a magic bullet to prevent all kinds of badness, but they really can't be worse than the same functions without bounds checking.
Still, better to bash some BSD...
-- I'm as unique as everyone else.
Our company would be more inclined to donate if we knew that the money we gave would go directly to support OpenSSH. We have no interest in supporting OpenBSD. Fork OpenSSH into its own project with separate financing and management, and we'll send you some money.
This whole Slashdot anti-Theo movement is lame
I agree wholeheartedly.
-Theo
I'm not sure why he's singling out Sun here. I bet he hasn't sent Sun a donation for continued NFS development. In case he hasn't noticed Scott McNealy isn't swimming in a vault like Scrooge McDuck these days. Sun is losing money. It has been losing money for years. If an employee asks a 1st level manager at Sun to pony up some travel money, the answer is "no". According to insiders I know, it's been that way for years. They're in business to make money, and they're aggressively managing their expenses. If you ask an upper level manager for some travel money, and then publicly kick them in the balls... I'm guessing even tactless Theo can guess what the answer is!!
Theo's personality defects are coming home to roost... His project is having financial problems because he doesn't have the people skills to succeed. It should serve as a lesson to other coders. Coding skill only gets you so far. Spend some time at a Toastmaster's. Learn to analyze the motivations of others without tainting them with your own desires/wishes/motivations. Sadly... This is where most coders fail.
I've read a bunch of posts talking about the BSD license and debating the finer points of ethics and morality and what people are required to do vs what they should do.
Well..
I'll throw in my 2 cents (and another 10 bucks to OpenSSH).
Contributing some $$$ to a good cause like the work that the OpenBSD and OpenSSH organization does just seems like the right thing to do. I'd hope that other people feel the same. If not, then it's a shame (my opinion of course)
> For a business that uses OpenBSD code, it would just make good business sense to
> support the project at a fraction of what it would cost to develop the same code
> in-house.
I disagree. If the company pays the OpenBSD team, the code gets written, but if it does not pay, the code still gets written. As long as the OpenBSD team is writing code without requiring payment, it makes far more sense for the company to not pay. After all, what's the point? Only in the free software world is there that "giving back" mentality. In the business world, nobody pays for what they already get free.
Now, if OpenBSD team stopped development due to financial difficulties, would it make sense for a business to pay them to resume? Perhaps. But a typical manager would make a different choice; he would hire in-house programmers to fork the project and continue development without sharing the source. A good manager does not give away what he dearly paid for.
> It is ridiculous that Sun wouldn't even cover the travel expenses
> of an OpenBSD developer to go their conference
Why would Sun want to go out of their way to have a competitor come to their conference?
If OpenBSD will close, someone else will continue working on OpenSSH. Déjà vu. I don't believe those people who say that a 900Kbyte software can be worked only by those people. It's just a project like anyone else, even if it's a project about security. You probably remember Helix/Eazel/Ximian/Nautilus. Well, Nautilus is not like openssh, but perhaps there have been more complicated software that have been continued by other teams. Let's think of Netscape DS, a huge and complete software, worked now by Sun/RedHat/HP and whoever is still alive and better than never. Geniuses don't work only for BSD or Netscape...
Jerry A. Taylor
City Manager
Tuttle, OK
Dear Jerry,
you like secure operating systems. So does Theo de Raadt: he loves them!
Please contact Theo directly at *deraadt@cvs.openbsd.org*
Be firm: Theo will help you, but only if you make it clear that you expect help, and you want it now. (I think that when you contacted CentOS's team, you were sort of beating around the bush. That won't work with the OpenBSD team. Be direct!)
Theo will respect your 22 years of IT experience. And, I think he will be impressed that you worked at Raytheon--wow!
No need to call the FBI to get a response from Theo and his boyz. Enjoy!
--A concerned citizen
It is all tied up in the license: if you do not ask for money upfront, you can't complain later that no one paid up.
Should some of these companies pay? Definitely. Should Theo be mad that people are following the license (i.e., you don't HAVE to pay)?
You give something away for free, then later complain they should pay for it... I don't think so.
The phrase "more better" is acceptable English. suck it grammar Nazis
To donate to OpenBSD you write a check to Theo. There's no OpenBSD foundation, no non-profit, nothing. So I'm supposed to go to my boss, who has to explain it to his, who has to explain it to his, to get a check cut to some guy in Canada because he does good stuff? I might be able to get a CD on the corporate AmEx, but a donation of any real size? No way!
If Theo wants money, Theo needs to set up a non-profit, preferably US-based, get tax exempt status, and see what happens. It isn't nearly as hard, complicated, or expensive as he thinks.
The preferred solution is to not have a problem.
The thing to me that most sucks was that Stallman and the BSD folks basically made a bet on human nature. The optimists are losing badly.
Sad but true, that's why my preferred license is the LGPL, it's a decent combination of both worlds. You want to incorporate my work unmodified? Fine, nobody loses, the source is still "out there". You want to modify my code and redistribute it? Well, either release those changes or pay me to relicense my code. BSD and GPL are both extremes. With BSD, expect the worst, people will use your work and flip you the bird. With the GPL, expect the worst, people will shun your code if they're forced to open code they want to keep closed. Don't get me wrong, BSD and GPL are both morally superior to the LGPL, but based on human nature, the LGPL offers a good compromise between encouraging use and forcing retribution.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
Not necessarily. Theo just has a crap business model. Red Hat and the like seem to be doing fine.
Actually, no, he's not claiming that the world owes him something. He's claiming that his act of creation and contribution does not cause him (well, specifically, the OpenSSH developers) to owe anything further to the people who take advantage of their contribution.
That is an entirely different issue.
"From the beginning of history, the two antagonists have stood face to face: the creator and the second-hander. When the first creator invented the wheel, the first second-hander responded. He invented altruism.
"The creator - denied, opposed, persecuted, exploited - went on, moved forward and carried all humanity along on his energy. The second-hander contributed nothing to the process except the impediments. The contest has another name: the individual against the collective." - Howard Roark in The Fountainhead by Ayn Rand.
donate the $49 and do an ftp install. if you really want 3.9 right now, grab it from CVS and do a make release
vodka, straight up, thank you!
GPL is not business friendly.
True, that. Double-true.
The BSD license is business-friendly. But apparently, business is not BSD-friendly.
The GPL was born of the realisation that, without encouragement, businesses will simply take, and not give anything back. Theo is just learning this, it seems.
Microsoft is to software what Budweiser is to beer.
Prove it.
If that were the case, *BSD operating systems would be bigger than Linux. Since that's not the case, your argument is a non-starter, at best mere speculation; at worst, self-delusion.
Microsoft is to software what Budweiser is to beer.
Pretty much everything around the UltraSPARC processors is out and in the open.
His request is very reasonable - everyone is benefitting, and those who are in a position to give a little back should do so.
RMS would agree...which is why the GPL mandates making changes public.
For all that BSD'ers criticize the GPL for not being 'truly free,' it is of particular interest to everyone to note Theo de Raadt's irritation concerning having his code used for commercial ventures without contributing the changes back.
It's like..um..dude.....the whole GPL vs. BSD license debate.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
It looks like the Asian companies are run by engineers and the American companies are run by lawyers. No wonder our trade deficit is out of control.
Eventually, even the dumbest loonix users will figure it out if you just keep repeating the same old crap. If you keep your BSD is dying trolls original and unique, then they will think its true and keep using loonix. Please do your part to keep brain damaged loonix users off the BSD lists, thanks!
as someone who a) used to run an openbsd site (deadly.org) for years, b) written a book on openbsd (secure architectures ...) c) used openbsd for five years d) had commit access and e) was kicked out (for shutting down deadly.org), i've seen theo and the rest of the project up close and personal. my subject line says it all: you reap what you sow.
theo's constantly been adversarial, even to his supporters, and no one likes that. shitting on your enemies is one thing, shitting on people who are trying to be friends is another. while theo's not the sum and substance of the project, he's a) its more forefront spokesman and b) reflecting poorly on the project and c) responsible for driving away many talented developers over the years. the project is suffering for this.
pounding adaptec, sun, and many other vendors publicly and privately just gets you only so far in a positive direction, but a lot further in a negative direction. anyone who has watched openbsd over the years knows what i'm talking about.
while i see openbsd suffering financially and lots of people using the code without contributing anything substantial back, the license allows this (and even encourages this) and the project itself has really suffered for theo's mistakes in the past. don't like it? change the license to force people to contribute money or code or something.
example: the company i work for implemented TCP MD5 and agreed to share it with the project. it took a while to clear management, but eventually it did. harassing emails (from theo) for weeks on end were unwelcome and no way to say "thanks" for what is a donation. this is typical theo. openbsd project members work here and contribute fixes we find to the project, and i think we all expect that will continue.
if this is how the project reacts to people trying to help, why should anyone bother?
... maybe they should make a new project for a new license ?
After OpenCVS, OpenBGPD, OpenSSH, maybe we get (drumroll...)
OpenLicense ? It would be, like, this really totally cool
concept, like, you know, you could reuse all the code you want,
but - and this is the really cool bit - you'd have to - get ready! -
GIVE BACK the changes to the community if you redistributed the binaries!
Wouldn't that be cool ? And you could, you know, make a manifesto or
something, and - now this is really catchy - call it the BPL! YEAH!
The BSD Public License!! And you could start all kinds of really gnarly
software projects under that license!
And Theo wouldn't even have to grow a long beard, wear a toga and go around with an old hard disk platter on his head -- cause it wouldn't be like this would be about calling to people's moral obligation to share software, cause, you know, software should be free, no, this would be to finance OpenBSD! W00t!
You immediately lose all credibility, regardless of topic, when you advocate violence against people you disagree with. Did you think everyone would say, "gee, what an enlightened, thoughtful person - I wonder what else he'll have to say?" Do you think you're doing non-Republicans a favor by confirming Republicans' suspicions that you and your co-believers are nuts?
On behalf of everyone who isn't in your club: screw you and grow up.
Dewey, what part of this looks like authorities should be involved?
Clearly you have much to learn about being nice and putting things in perspective; how little it would have cost Sun, for instance, to do as the OpenSSH developers twice asked versus how selfish, greedy, and thankless it makes Sun look today. Another reminder of how big businesses should not be conflated with individuals in any sense.
Or perhaps you're really affirming power like a sycophant; you wish to continue to wield the power of thanklessness over those that choose to license under non-copylefted free software and open source licenses. You see a chance to justify using their works as you see fit by giving us an overly expansive interpretation of licensing, as if licensing covers everything. Saying thank you isn't a part of any license, nor could you enforce such a clause. But it sure looks bad when you don't thank anyone who helped you like Sun isn't thanking the OpenSSH developers.
Digital Citizen
He's not saying that things will not be fully disclosed. He's just saying that Sun will not receive any special or prior notification. FreeBSD, NetBSD, and the Linux distros, yes, will get some warning and time to make patches. Sun can read about it when everyone else does.
Here's the quote that shows you're wrong:
"Or maybe that has happened already."
There's no such thing as "secret" notification to the Linux distros. They deal with things via an open process. Further, Sun is a huge client of RedHat and SuSE, who would inform them IMMEDIATELY if they did get "secret" notification. In order to actually make this happen, he'd have to leave all the Linux distros in the cold, too.
And since he's suggesting this has already happened, and the Linux distros haven't been notified, there you have it.
Since it's obvious that many here haven't actually read what they're flaming about, here's the last question of that interview:
Sounds completely reasonable -- just calling a spade a spade and not trying to sugar coat anything.
Unlimited growth == Cancer.
I'm not surprised, I understand that the OpenSSH license allows this to happen. I'd go further than what you say: multinational corporations have long proven their greed knows no bounds and they've done so in far more important situations than this. But this is not a licensing concern. At this scale of importance it's more an issue of manners, how people and organizations ought to behave in polite society. I think people are expressing disappointment that Sun has repeatedly turned down easy opportunities to be friendly with people who have helped them; the amount of money it would have cost Sun to do the nice thing here is many orders of magnitude less than the amount of money made from building on and commercially distributing OpenSSH.
Sun isn't the only organization in this position either, this isn't a bad apple situation. This is part of a pattern of big business policy decisions to behave in this fashion. Big businesses have a chance to look like they aren't rapaciously greedy. They're choosing to throw that chance away (for widely understood reasons which many protest daily in anti-corporate movements around the world) and it's our job to make sure these businesses know that we won't forget the choices they have made.
Digital Citizen
Actually, what is on-topic depends on the specific flavor of BSD being discussed.
If FreeBSD then post a "FreeBSD is dying" troll.
If NetBSD then post a "does it run on a toaster" joke
If OpenBSD then post about Theo being an asshole.
No, I meant "felicitous", as I wrote
All's true that is mistrusted
Giving distros a window in which to prepare and patch is responsible.
Yes, it is. And refusing to give a very popular OS that same window is, conversely, irresponsible. Even assuming that's what Theo meant.
Companies like Fedex and UPS rely on Sun software for projects that, among other things, make sure terrorists aren't sending bombs to schools. That's what Theo is impacting when he refuses to disclose information.
You missed my point totally.
---- Booth was a patriot ----
Subjecting an SSH implementation to the same level of auditing as OpenSSH has had and building it up to the same level of confidence is much harder.
I am TheRaven on Soylent News
that was written by Jem Matzan, not Theo. Learn to read.
Even if the community would have found another SSH solution, is it really too much to say thank you about it? What about not being popular as a personality makes Theo's work not useful to the community? OpenSSH is a useful tool. Theo is just trying to point out that, as a citizen of the open source world, a lot of big names are taking and not giving. Yes, it is their right, no, they are not obliged to help out in any way whatsoever, but it still is a crap way to treat the people around you.
Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
You're sliding the case again from "late disclosure" to "non-disclosure".
Yes, based on evidence that I cited and explained. He either meant non-disclosure or the whole thing was BS posturing.
Third: bomb-detection machines? WTF?
No.
No, BSD vs GPL licensing has nothing to do with this. Theo's irritation is that OpenBSD is having financial problems, and nobody using applications originally from the OpenBSD code base, like pf and OpenSSH, is stepping up to the plate and paying OpenBSD's bills. If OpenBSD had been developed entirely under the GPL, OpenBSD could still be having financial problems, because a commercial application using GPL'd code is under no obligation to pay a portion of their proceeds to the developers of the GPL'd code.
Other BSD licensed open source projects, like Apache and FreeBSD are doing much better financially because they have large corporations using their products who are willing to contribute money and/or services like web hosting in addition to developer time. So OpenBSD's real problem is that either they haven't found a corporate sugar daddy, or Theo's managed to sabotage any deals that might have happened in the past.
I think it's simply a case of people being stupid, and only realizing the value of things after they've lost them. OpenSSH is still around, and it's free - therefore, it's "worthless", even though all of them use it, and would have to spend millions if it wasn't available.
The Tlog - a technology blog
He wants donations so that he can fly his developers to hackathons to make more code. Do you think putting it under a GPL license would fix the problem by forcing the companies to donate money? Nope.
Instead I'm sure you think the companies will do the coding in place of the known good developers and then the project would get the code (of unknown quality) that way.
The company 'might' give code changes back.
*IF* they made any changes to it.
*IF* they were distributing the software.
And *IF* they were sure they would get caught if they didn't. (lots of companies have broken the GPL until sued or threatened to be sued)
It's like.. um .. dude.. nothing at all to do with the whole GPL vs BSD license debate.
It's reminding folks that if they find some open source software useful, it would be a nice thing if they contributed back a tiny fraction of the benefit that they receive from it in some way. The GPL doesn't stop someone from using it a ton with no payback as long as they aren't changing and redistributing it.
New poor geeks all over the place were rapidly getting internet connections for the first time. They could either start playing with Linux, or BSD... which might go away if the lawsuit went badly. Lots of folks started playing with Linux that might otherwise have started playing with BSD.
That's not the whole reason for the current distribution of the userbase, but it certainly played a role.
I wouldn't bill per hour on this- in reality, I'd contribute to an OpenSSH project (Never mind that they work on OpenBSD as well- what they do so long as they support OpenSSH is none of my business...kind of like my GPL/LGPL based projects versus work...) if they got a salary and _supported_ OpenSSH proper. If it doesn't need much work, that's fine, they still get the salary and support- because they were there when they're really needed.
Sure, donating to OpenBSD's analogous- but with all the off pronouncements from Theo over time has soured that idea in many people's minds, myself included. It's a tough sell right now.
And Theo's current screed that we're discussing makes it just that much harder- the companies he's commenting about are perfectly within their rights per the license the stuff's under and all. Sun's just taken the team's offer up and privatized the codebase- per the license they chose to put the codebase under. Sorry, can't feel sorry about any of the team in that regard. Same goes for anything else, including IBM sending people their way for support (They didn't write it, the OpenBSD team did...)- they could have said, "Hey, want priority support from us? Donate to the project...", but apparently it occurs to Theo that complaining about it all and doing nothing about it himself directly will get better results.
Honestly. Change the tone and tune and you might be surprised. I'm sure Theo would get better traction for things if he wasn't QUITE so abrasive. Stallman's almost as bad as Theo in this regard. Both of them would get better results if they weren't QUITE so adversarial about things.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Really. Anyone who's using OpenSSH and *not* OpenBSD doesn't really need Theo's team at all. You have all the code.
And then watch that fork get a bad reputation because of all the new bugs and security issues which crop up because few people have a really good understanding of crypto and security implications. People will ignore the fork. Sun Microsystems know how to code, right? They've got the coders and they've got money to pay them. Yet they have messed up SunSSH, a fork of OpenSSH, royally.
Solution? Just do nothing for now.
Wow, how very enlightening. This is so very pro OSS!
The people who brought us OpenSSH, people who matter, did not "just do nothing". If everyone outside of corporations "just did nothing", then we would all still be using Windows or MacOS 9 (or a lesser OSX).
People who do nothing, don't matter. You, don't matter. So why should anyone listen to such crap that you spew?
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Obligations are ultimately not between man and man, but between man and God.
But that does not mean that the shirking of an obligation causes no one problems.
I don't know Theo's thoughts. I don't know God's thoughts in this matter. Maybe openbsd has filled its purpose and it's time to move on.
But maybe there is nothing wrong with Theo pointing out that, should a changing of the guard be forced before its time, those who have been making money from the obsd team's largess will find themselves severely inconvenienced.
And, yeah, the bad karma is exactly the point. Maybe it's a little awkward for the warning to come from Theo, but some people need to be warned they are breeding a wart on their own noses, erm, generating bad karma for themselves.
ror
It's all in the attitude and presentation to the public. He certainly acts like there is a moral obligation for companies to give him money. It's also not clear where all the money will go to. Checks are to be made to Theo personally. I can't tell, is there a charitable organization behind OpenBSD? If so, then they need to run it like one. If not, then Theo has no right to act like one.
Now compare this to Wikipedia. There's none of this "you owe us" business. There's a very transparent budget and list of contributions. And there's a non-profit organization behind it all.
Hmmm yeah the ultrasparc hdl has that pesky Gnu Public License.
http://opensparc-t1.sunsource.net/download_hw.html
You may not have much of a choice soon. Unless you want to be like the people still trying to keep BeOS going.
The linux sandbox is full of crap and has a crowd that is incompatible with OpenBSDs.
Why do you say this? What makes you think it is full of crap? Linux runs the biggest machines in the world, some of the most important networks and business systems. I have coded for both and I can tell you OpenBSD is NOT that far from Linux. Indeed, look at the little differences between the BSD version of openssh and the portable version.
The ONLY reason I switched from BSD to Linux all of those years ago was that Linux was leaving BSD behind. That is true today.
If you read what I wrote you would see I mentioned that it is the earlier version plus the socket, semaphore and other stuff that we know as SYS V today. My original statement is still true and you don't dispute it, OpenBSD is NOT Unix.
with Linux you might have a bigger sandbox, but what good is it when it's full of shit and kids that are constantly pissing in it? Also, what good is it to have 100 different sandboxes especially when it contains the same shitty, pissed on sand. ;)
Like sounding like an idiot I see. Everyone knows there is only ONE linux, not 100. Controlled by one guy - Linus Torvalds. There are different distros however. The base is the same. You also confused BSD with Linux, BSD is the sand that is pissed on and shitty. Linux's sand has been cleaned and sifted through the efforts of people around the world. You know, once we got rid of the shitty pissed on BSD code. BSD's code is so bad that even Microsoft had to abandon it and re-write their TCP/IP stack that they ripped off. That was reported on /. years ago.
OpenBSD is well engineered.
You're the one on crack. As I mentioned, Linux exploits have been ported to BSD and work just fine. There is NOTHING superior to BSD. I find it comical that you even try to explain the security problems away as human error, then say it is superior engineering. Make up your mind first.
I loaded OpenBSD's latest version about 2 months ago just to see if it had come forward any. I had a tough time getting it in the first place and then I saw no reason to keep it. It still sucks. It is like you're trying to say horse and buggy is better than a car. Go ahead, keep your horse and buggy.