Theo de Raadt Discusses OpenBSD and Beyond
emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.
Finally, for real, today's topic is: BSD is dying
All other posts are off-topic. Enjoy!
...that some feel are taking advantage of the free software without giving anything back.
Damn. I wonder if there was anything they could have done about that?
Religion for nerds. Stuff that really matters
"I will say it here -- if an OpenSSH hole is found that applies to SunSSH, Sun will not be informed. Or maybe that has happened already." - Theo de Raadt
I'm sure they'll find out when everyone else does.
Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products.
What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
For our work on OpenSSH, companies using OpenSSH have never given us a cent. What about companies that incorporate OpenSSH directly into their products, saving themselves millions of dollars?
No, they haven't been saving themselves "millions of dollars". If OpenSSH didn't exist, people would implement some other free ssh client or switch to a different standard.
If you release something under a FOSS license, figure out your business model beforehand. Of course, Theo actually did: his work on BSD has given him plenty of exposure and celebrity status, which many would consider ample reward for his work, and something he wouldn't have gotten if he had founded a small software company instead. And I'm sure he could (or could have) translated this into consulting opportunities and other business, without even changing the license on anything. But, like many celebrities, it's just never enough.
Is it just me, or does anyone else always feel the urge to pronounce "Theo de Raadt" as "Theo da Rat" with a mafia godfather style accent?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
This is a perfect example of the problem with BSD licencing. Under the various BSD licences, it's perfectly OK to take a piece of code and sell it, either modified or exactly as found, without in any way recognising or contributing to the project. Run "strings c:\windows\system32\ftp.exe" on a WinXP box and you'll see a perfect example of uncredited work. At least under the GPL if someone sells an unmodified program, the project will get recognition (since it will have to remain open source, and thus the origin of the code will be obvious), and if they sell a modified version the project will get the source for the modifications back. Neither directly equates to funding, but publicity and a better code base both help to attract financial support. Both arrangements depend somewhat on the cooperation and altruism of the entity using the code for a profit, but the GPL isn't quite so hopelessly naive.
From what I read, he didn't like the binary drivers... fair enough, that is his belief. Some people did do a reverse engineer job and were asked to stop. It is Germany on the other hand, not the US; they probably have a bit saner laws regarding that (depending on the method of course). Maybe they did it out of respect and not fear. Who knows. It could be a number of reasons. However, Theo wasn't exactly an asshole on that concept; he is surprised they would stop (again, we don't know why they stopped), he wished they didn't, he takes issue that they did stop. His opinion mismatched with someone else's. Oh well, it happens, but it's not like you said, he didn't slag Linux. Oh, and he does do a lot of advocacy... wireless drivers for instance.... Man, I never thought I would defend Theo.
The phrase "more better" is acceptable English. suck it grammar Nazis
Where to start?...
BSD is an operating system. It consists of a kernel (like linux), a userland (like GNU), and a bunch of applications which are largely source-compatible with Linux.
The BSDs share the fundamental gcc/gas/ld toolchain with GNU, but pretty much everything else (particularly the C library and make) they have their own version of. It is *possible* to run the BSD system on Linux (though not very easy), and actually very easy to run the entire GNU system on BSD. But they are different projects.
OpenBSD was the result of a squabble between Theo and the NetBSD team. This was a felicitous squabble for the rest of us, because OpenBSD is a great operating system.
All's true that is mistrusted
Religion for nerds. Stuff that really matters
"Can anyone tell me why BSD with its enhanced security isn't incorporated into most Linux distros?"
It's not a simple matter of importing code, to duplicate the changes in the Linux kernel and the GNU toolset would be prohibitively difficult. Also, much of the improved security comes at the expense of performance or functionality.
I rarely criticize things I don't care about.
I was recently asked in a job interview "If Theo de Raadt and Dan Bernstein were locked in a room with knives, who would you want to come out alive?"
;P
(and my interviewer is probably reading this, in which case, "Hi there!")
I said I wanted Dan Bernstein to come out alive, because I actually use his stuff in production as opposed to OpenBSD... but after thinking about it for a while I realised that OpenSSH is perhaps more important than Dan Bernstein's stuff. I mean, Dan never updates qmail and any of his tools... Theo may as well bump him off for all I care.
If you're a Linux user and you like your madwifi driver, you can thank the OBSD ath driver. Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it. Anonymous CVS? Theo came up with it after NetBSD kicked him off the commit list. Randomized mmap, stack protection ... there's a lot of development being taken from openbsd. We've all got an interest here.
All's true that is mistrusted
Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products. What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
No, it's far simpler than that. Apple and SCO *paid for* BSD. BSD was paid for by the taxpayers of California, including corporations like Apple and SCO. Perhaps Theo noticed a "Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved" somewhere in his review of the source code. Perhaps Apple and SCO believe they have contributed more than Theo. Besides cash Apple has also contributed formerly closed source, for example the HFS+ support in Darwin. Self serving, so what, Theo, RMS, and a host of others aren't?
I use OpenBSD and despite Theo's nonsense I support it by buying a CD every year. If Theo wants his pet projects funded he needs to learn to stop pissing off large potential contributors, DARPA for example.
I hope so! I did too and I did it because OpenBSD is rapidly becoming the only OS I trust enough to mount a rented DVD on and be absolutely sure I don't wind up with any sneaky malware...
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Especially "or maybe that has happened already". Is the great diplomat Theo de Raadt now resorting to extortion?
It's not that the Foo Corp is using OpenSSH w/o paying Theo or the OpenBSD/OpenSSH crowd. No one (including Theo) has a problem with that.
It's that some companies *cough*Sun*cough* make all kinds of noises about being "open" and "supporting open source" and market the crap out of it purely because it's the latest buzzword, when in reality they just don't give a shit.
That's what gets to Theo... and others.
Theo may be a jerk, but that's not the point here. The OpenBSD team does great work that gets ported to other platforms or just flat out embedded, but no one wants to lend a hand. This interview did not strike me as whiney or greedy; Theo never came across as wanting to get rich, with his grand aspirations of paying travel expenses for poor developers.
His request is very reasonable - everyone is benefitting, and those who are in a position to give a little back should do so. He didn't say fund the project, he said contribute a little. Jeez, anything really.
This whole Slashdot anti-Theo movement is lame, it's like watching jocks push the nerdy quiet kid around in high school, which is a bit ironic considering that many of us *were* those nerdy quiet kids. Stop trying to be part of the "in" crowd by bashing this guy and read the article with an objective eye.
A while back -- pre-SCO -- OpenBSD did a "license audit". I don't have the list in front of me but a sizable number of reasonably well-known open source projects had questionable licences. Theo really did ask nicely and got most of them changed.
TCP Wrappers IIRC was one of them, pppd another (again IIRC).
Like Theo or hate him, he's done more for the Open Source community than just piss people off.
An OpenBSD CD set is $49. If you've ever used OpenSSH or x.org X11 (read the article), you've already got your money's worth. In addition, chances are that somewhere in your organization (or at your house?!?) there's an OpenBSD-based firewall happily chugging away with PF and CARP.
So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.
And remember kids: Never trust a computer you can actually lift.
What's so difficult to understand for those GPL zealots out there?
Theo is NOT talking about code. He couldn't care less about the code!
He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and others') income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!
I say unto Theo: Tough Cookies! You made your bed, you sleep in it!
BSD vs GPL is not relevant. Theo's bed was made by driving away potential sources of income like DARPA.
I have thought along similar lines, but it really demonstrates something that we must quit ignoring.
"Free" is an illusion.
When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.
Money is green stuff that you throw around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.
Time is the true currency, although too much time can go fetid as well.
The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not talking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.
With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but most people are still confused and think he is an idealist.
With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.
Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product is sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.
People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.
Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.
OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.
Sun bought and open sourced both StarOffice and Netbeans, they've open sourced Solaris and the UltraSPARC processor core.
I'm sure there are plenty other projects, but Sun have donated what must amount to many millions of dollars of code to the community.
Sure they use other open source projects (in line with their licenses) and while they presumably aren't throwing money at Theo it seems unfair to brand them as anti-opensource when they've done a lot of good.
In any case: development and maintenance costs don't magically stop when there is no tax-funding of the project. If people want it to survive, they do need to continue sponsoring it.
> Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it.
I thought RALink supported Linux themselves, otherwise, what's this?
However, I do notice that when I actually test on my Mac OS X machine here:
And it seems that besides there being more of them, the freebsd matches are more "real"-- if i look at the actual matches the FreeBSD ones consist to a great extent of matches in actual basic binaries and libraries, whereas the OpenBSD matches that aren't actually matching OpenSSH binaries seem to mostly be compatibility code in crossplatform UNIX apps-- "#ifdef openbsd" blocks in X11 headers for example (right before the #ifdef amiga ones), which clearly are not an indicator of OpenBSD crosspollination in OS X.
And then trying again, in the source for Apple's libc:
And even here again most of the occurrences of OpenBSD maybe shouldn't count to the total, since they are, well, in some big directories named "FreeBSD/". It looks like a lot of those 63 matches were patches that were ported upstream to FreeBSD, then sucked into Darwin from there.
So these were just the first two things I thought to check, and in both cases FreeBSD strings show up more often than OpenBSD by a very significant majority. I can totally believe that Apple is making much more direct use of OpenBSD code than I was aware of, but if you do not mind me asking, exactly *where* in OS X am I supposed to be finding this effect you claim of "grep... you will find more occurrences of OpenBSD than NetBSD and FreeBSD"? Because so far I'm not seeing it at all.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
like why glibc won't have strl*()-functions which may improve security:
http://lists.debian.org/debian-devel/2002/03/msg00309.html
It's not like the whole linux world would fall apart if there was some more
string functions which would not go ape on weird inputs.
I know strl*() isn't a magic bullet to prevent all kinds of badness, but they
really can't be worse than the same functions without bounds checking.
Still, better to bash some BSD...
-- I'm as unique as everyone else.
Our company would be more inclined to donate if we knew that the money we gave would go directly to support OpenSSH. We have no interest in supporting OpenBSD. Fork OpenSSH into its own project with separate financing and management, and we'll send you some money.
This whole Slashdot anti-Theo movement is lame
I agree wholeheartedly.
-Theo
A careful reader of the interviews that come up with Theo occasionally will note that he's pretty good about endorsing the companies who actually support the project. Just in that short interview he mentioned a couple of wifi chipmakers who actually share information. The expectation is that the open-source concerned reader will support those companies in favor of the ones which are mentioned who do not share information.
Past experience suggests that the average Linux kiddie is more likely to take the binary driver and run, particularly if there's game playing to be done. But it seems Theo's doing a reasonable job of supporting the supportive vendors.
Now before I get modded down, I beg to remind whoever might read this that what I am saying is FACT. - bogaboga
Jerry A. Taylor
City Manager
Tuttle, OK
Dear Jerry,
you like secure operating systems. So does Theo de Raadt: he loves them!
Please contact Theo directly at *deraadt@cvs.openbsd.org*
Be firm: Theo will help you, but only if you make it clear that you expect help, and you want it now. (I think that when you contacted CentOS's team, you were sort of beating around the bush. That won't work with the OpenBSD team. Be direct!)
Theo will respect your 22 years of IT experience. And, I think he will be impressed that you worked at Raytheon--wow!
No need to call the FBI to get a response from Theo and his boyz. Enjoy!
--A concerned citizen
So while it makes sense on the short-term microeconomic level to not pay anything to a project you use, it makes no sense on the long-term macroeconomic level--just as a single family saving money is a wise investment, all families saving money is a recession.
The optimal solution here is for users to pay some money to projects they wish to use. This is a modest, compromise amount, causing the greatest good in the short- and long-terms, and in the micro- and macroeconomics.
Sadly, it seems that the corporate world (and most of the average user world too) is only too happy to sacrifice long-term gain for short-term gain. So conventional modern business practices would likely be in agreement with your statement.
--
Given enough personal experience, all stereotypes are shallow.
To donate to OpenBSD you write a check to Theo. There's no OpenBSD foundation, no non-profit, nothing. So I'm supposed to go to my boss, who has to explain it to his, who has to explain it to his, to get a check cut to some guy in Canada because he does good stuff? I might be able to get a CD on the corporate AmEx, but a donation of any real size? No way!
If Theo wants money, Theo needs to set up a non-profit, preferably US-based, get tax exempt status, and see what happens. It isn't nearly as hard, complicated, or expensive as he thinks.
The preferred solution is to not have a problem.
Actually, no, he's not claiming that the world owes him something. He's claiming that his act of creation and contribution does not cause him (well, specifically, the OpenSSH developers) to owe anything further to the people who take advantage of their contribution.
That is an entirely different issue.
"From the beginning of history, the two antagonists have stood face to face: the creator and the second-hander. When the first creator invented the wheel, the first second-hander responded. He invented altruism.
"The creator - denied, opposed, persecuted, exploited - went on, moved forward and carried all humanity along on his energy. The second-hander contributed nothing to the process except the impediments. The contest has another name: the individual against the collective." - Howard Roark in The Fountainhead by Ayn Rand.
Since it's obvious that many here haven't actually read what they're flaming about, here's the last question of that interview:
Sounds completely reasonable -- just calling a spade a spade and not trying to sugar coat anything.
Unlimited growth == Cancer.
If you disagree with his point, how about stating why you think it's wrong rather than just bitching about 'classic theo'.