Theo de Raadt Discusses OpenBSD and Beyond
emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.
Finally, for real, today's topic is: BSD is dying
All other posts are off-topic. Enjoy!
I'm pretty sure he's heard of it. While they do appreciate source code contributions, what they're really asking now for is money.
Is it just me, or does anyone else always feel the urge to pronounce "Theo de Raadt" as "Theo da Rat" with a mafia godfather style accent?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
That part wasn't written by Theo, as far as I can tell.
http://outcampaign.org/
...that some feel are taking advantage of the free software without giving anything back.
Damn. I wonder if there was anything they could have done about that?
No there wasn't, BSD as in Berkeley Software Distribution, as in University of California Berkeley, as in "Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved.", as in paid for by California taxpayers including corporations and individuals who should not be denied access to what they paid for.
BTW, you shouldn't confuse BSD with a very talented but potentially mismanaged team that has a tendency to piss off lucrative sources of income.
This is a perfect example of the problem with BSD licencing. Under the various BSD licences, it's perfectly OK to take a piece of code and sell it, either modified or exactly as found, without in any way recognising or contributing to the project. Run "strings c:\windows\system32\ftp.exe" on a WinXP box and you'll see a perfect example of uncredited work. At least under the GPL if someone sells an unmodified program, the project will get recognition (since it will have to remain open source, and thus the origin of the code will be obvious), and if they sell a modified version the project will get the source for the modifications back. Neither directly equates to funding, but publicity and a better code base both help to attract financial support. Both arrangements depend somewhat on the cooperation and altruism of the entity using the code for a profit, but the GPL isn't quite so hopelessly naive.
Where to start?...
BSD is an operating system. It consists of a kernel (like linux), a userland (like GNU), and a bunch of applications which are largely source-compatible with Linux.
The BSDs share the fundamental gcc/gas/ld toolchain with GNU, but pretty much everything else (particularly the C library and make) they have their own version of. It is *possible* to run the BSD system on Linux (though not very easy), and actually very easy to run the entire GNU system on BSD. But they are different projects.
OpenBSD was the result of a squabble between Theo and the NetBSD team. This was a felicitous squabble for the rest of us, because OpenBSD is a great operating system.
All's true that is mistrusted
"Can anyone tell me why BSD with its enhanced security isn't incorporated into most Linux distros?"
It's not a simple matter of importing code, to duplicate the changes in the Linux kernel and the GNU toolset would be prohibitively difficult. Also, much of the improved security comes at the expense of performance or functionality.
I rarely criticize things I don't care about.
Just because the BSD license doesn't force companies to give back, doesn't mean they can't do it anyway.
For a business that uses OpenBSD code, it would just make good business sense to support the project at a fraction of what it would cost to develop the same code in-house. It is ridiculous that Sun wouldn't even cover the travel expenses of an OpenBSD developer to go to their conference, because the value of the developer's hours would have far exceeded such travel expenses. That's just simply bad business.
http://astutehosting.com/
If you're a Linux user and you like your madwifi driver, you can thank the OBSD ath driver. Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it. Anonymous CVS? Theo came up with it after NetBSD kicked him off the commit list. Randomized mmap, stack protection ... there's a lot of development being taken from openbsd. We've all got an interest here.
All's true that is mistrusted
Not really applicable.
9 0/threaded. This is just one fresh example (this week).
They started with a fork of the NetBSD codebase and maintained compatibility for a long while. Many drivers in the Net/OpenBSD tree used to be ifdef-ed for specific OS related parts. In fact one of the reasons for OpenBSD to survive for so long especially on obscure architectures has been the fact that it used to rely heavily on Net for low level hardware specific code (disclaimer - I do not know if this is still the case as I have not looked at their source since 3.3).
As a result GPL-ing is not an option. Your codebase is heavily dependent on somebody else's codebase which is BSD.
As far as the financial difficulties, all business and businesslike entities using GPL rely on support, custom code and consulting for their day to day living expenses. You do not get that money if you have this attitude:
http://www.securityfocus.com/archive/1/428749/30/
Another essential factor is that if you write software in the real world you have to go out of your ivory tower on a daily basis and check what your competitors are doing. OpenBSD tends to believe its own PR about their security prowess and does not follow Linux, FreeBSD and other OS development as much as it should. One example for this is how it missed the appearance of hardware RNG in AMD hardware for several years. They simply did not know it is there (I actually pointed it to Theo myself a year ago). I bet that they have missed other stuff in a similar fashion as well.
Frankly, the days when Open Source OS projects were PFY jobs and flaming each other out of existence on mailing lists was business as usual are long gone.
Time to grow up or face the dark stairway down down and down towards oblivion.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
It's not that the Foo Corp is using OpenSSH w/o paying Theo or the OpenBSD/OpenSSH crowd. No one (including Theo) has a problem with that.
It's that some companies *cough*Sun*cough* make all kinds of noises about being "open" and "supporting open source" and market the crap out of it purely because it's the latest buzzword, when in reality they just don't give a shit.
That's what gets to Theo... and others.
Theo may be a jerk, but that's not the point here. The OpenBSD team does great work that gets ported to other platforms or just flat out embedded, but no one wants to lend a hand. This interview did not strike me as whiney or greedy; Theo never came across as wanting to get rich, with his grand aspirations of paying travel expenses for poor developers.
His request is very reasonable - everyone is benefitting, and those who are in a position to give a little back should do so. He didn't say fund the project, he said contribute a little. Jeez, anything really.
This whole Slashdot anti-Theo movement is lame, it's like watching jocks push the nerdy quiet kid around in high school, which is a bit ironic considering that many of us *were* those nerdy quiet kids. Stop trying to be part of the "in" crowd by bashing this guy and read the article with an objective eye.
No. It would be extortion if he were threatening to put security holes in SunSSH. He's just saying that without Sun's support, he can't be expected to analyze and warn them of bugs in their product. Or are you saying I have a legal requirement to disclose every bug I notice in every piece of software I use to the developer?
====
Crudely Drawn Games
A while back -- pre-SCO -- OpenBSD did a "license audit". I don't have the list in front of me but a sizable number of reasonably well-known open source projects had questionable licences. Theo really did ask nicely and got most of them changed.
TCP Wrappers IIRC was one of them, pppd another (again IIRC).
Like Theo or hate him, he's done more for the Open Source community than just piss people off.
An OpenBSD CD set is $49. If you've ever used OpenSSH or x.org X11 (read the article), you've already got your money's worth. In addition, chances are that somewhere in your organization (or at your house?!?) there's an OpenBSD-based firewall happily chugging away with PF and CARP.
So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.
And remember kids: Never trust a computer you can actually lift.
What's so difficult to understand for those GPL zealots out there?
Theo is NOT talking about code. He couldn't care less about the code!
He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and others') income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!
Subsequently, their moaning about how their self-inflicted mortal wounds hurt horribly is going to rightfully fall on deaf ears, if they are lucky, or will become a butt of jokes, if they are not.
This is what happens if someone is given good advice not to drive their car off the road and into a bog and which they derisively reject and proceed at "what can possibly happen?"-speed into the mud. Following which they sit on top of their sinking vehicle, far into the swamp, waving frantically and complaining loudly about "selfish" people who fail to stop to pull them out of there. So that they can ignore good advice, as soon as rescued, derisively, again.
I say unto Theo: Tough Cookies! You made your bed, you sleep in it! Perhaps placing product placements into the BSD code or performing in a clown outfit at conferences will bring the required revenue, now that the commercial interests do what you have always encouraged them to do: take, take and take ... whatever they can get in return for as little as possible. It's called "business", Theo. Look it up sometime.
I say unto Theo: Tough Cookies! You made your bed, you sleep in it!
BSD vs GPL is not relevant. Theo's bed was made by driving away potential sources of income like DARPA.
I have thought along similar lines, but it really demonstrates something that we must quit ignoring.
"Free" is an illusion.
When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.
Money is green stuff that you throw around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.
Time is the true currency, although too much time can go fetid as well.
The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not talking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.
With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but most people are still confused and think he is an idealist.
With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.
Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product is sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.
People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.
Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.
OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.
At which question I would have gotten up, broken off a table leg, and proceeded to ask "Where are they?!" so that I can proceed to give Dan a hand, musing to myself that it is at times like these that I wish I were a gun nut.
I am afraid this kind of a reaction would have been rather popular amongst those who had the pleasure of reading Theo's "conversations" with people on some of the USENET groups of old. Theo is just such a charming, loveable guy that swiss army knives open spontaneously in people's pockets at the very mention of him.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
What are you talking about? People use OpenSSH because it's by far the best out there. Nobody is locked into using it, the specs are open, anyone can code a replacement. It's just not easy to produce something of the same quality and security as OpenSSH. People are locked into Windows because of proprietary file formats and closed source applications; how is that in any way similar to OpenSSH?
But, like many celebrities, it's just never enough.
Sorry. CELEBRITIES? Hmm.. yeah sure, Theo is a celebrity. I'm sure he has paparazzi knocking on his door every day.
Sure Theo can be abrasive, but it's weird to see how gleefully people at the receiving end of his charity will attack him. It's always easy to be an armchair critic.
Sun bought and open sourced both StarOffice and Netbeans, they've open sourced Solaris and the UltraSPARC processor core.
I'm sure there are plenty other projects, but Sun have donated what must amount to many millions of dollars of code to the community.
Sure they use other open source projects (in line with their licenses) and while they presumably aren't throwing money at Theo it seems unfair to brand them as anti-opensource when they've done a lot of good.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
Actually, it isn't. You can also use LSH or Dropbear, and for SSH clients there are even more alternatives (PuTTY is available for Linux, for example).
This article almost makes me consider using one of them...
What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
Dear friend, herein lies the indelible mark of your misunderstanding of the free software _Movement_, and will live on even after you are dead and gone.
The help he is asking is pocket change for the companies which use OpenSSH. For the work done in making it compatible with major projects of those companies. __If you read the article__ you will also note how IBM sends customer complaints to the OpenSSH team. And how Sun refused to pay for travel!
I find it painful.
Life is just a conviction.
Was it me, you would have found out that it takes only 0.3 seconds to have a horrible accident with your coffee spilling all over your lap. Apologies and all that, why, I am just such a horrible klutz!
Joking aside, but that sort of question would have me thanking you for the lovely opportunity to get interviewed by you, followed by a mental note not to ever do business with you, under any circumstances.
Has it ever occurred to you that these types of smart-ass, self-congratulatory questions, main purpose of which is to show who is the smart alpha-dog in that interview room, are absolutely useless in ascertaining someone's workplace abilities? Oh, what am I talking about, if it had, you would not be asking that and all the other ridiculous "logic" puzzles I am sure you are inflicting on your poor, hapless victims ... err ... applicants.
> Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it.
I thought RALink supported Linux themselves, otherwise, what's this?
If OpenSSH didn't exist, the ssh 1.3 source would probably have been picked up by GNU and we'd have free GnuSSH, without Theo's whining.
I'm sure you're right, it's not like we wouldn't have another SSH client, but would it be as good? The fact is that Theo and his team writes really good, really secure code. Someone who does security "for fun" is very rare and valuable. Most developers are quite naturally more interested in cool features than tedious code review.
the ssh 1.3 source would probably have been picked up by GNU and we'd have free GnuSSH
which would suddenly turn off encryption on your channel and pop up RMS's face saying "You are using this software for something *I*, his Imperial Majesty RMS, happen not to like today or maybe in the future, therefore I will stop it. I also hope your OS crashes and burns because it's not running HURD."
Thanks, I'll keep using the *really open* OpenSSH.
Global warming is a cube.
This whole Slashdot anti-Theo movement is lame
I agree wholeheartedly.
-Theo
GPL people are cool. I like to make copies of them. The only problem is that every time I give one away, I have to give the damned cloning formula away...
Then people wonder why de Raadt behaves the way he does. When I read this post, my first reaction was to send you to hell with enough bad language to put you in a first class seat. Maybe that's why de Raadt gets his stigma, by not taking a pause from his first reaction.
So you want to know that the money you give would go directly to support OpenSSH? According to de Raadt, there are six developers that focus on OpenSSH. These developers also work on other aspects of OpenBSD. What exactly do you want them to do? Divide your money between the six of them according to how many hours each works on OpenSSH? Do you want them to have separate network connections and hardware, and pay for it with your donation? How do you compensate the other OpenBSD developers when their ideas and contributions inevitably end up in the OpenSSH codebase?
The OpenBSD developers are a group of people working together. OpenSSH is the fruit of their work. The way to contribute directly to OpenSSH is to contribute funds to its developers. That's exactly what contributing to OpenBSD does, because the developers of OpenBSD and the developers of OpenSSH are one and the same.
So contrary to your second sentence, you have every interest in supporting OpenBSD. Saying otherwise is a disingenuous and pathetic attempt at justifying your reluctance to reward the people whose work you claim to respect.
*blinking cursor*
I don't get why people dump on Theo all the time. Yeah, he really could use a PR manager at times, but all the threads I've read he usually is right or standing up to what he believes is right. Can Theo be a dick about it? Yeah. Can Linus and Stallman be dicks about the kernel and the GPL? Yeah. Get over it and maybe send them some money for this OpenSSH thing we all use.
Jerry A. Taylor
City Manager
Tuttle, OK
Dear Jerry,
you like secure operating systems. So does Theo de Raadt: he loves them!
Please contact Theo directly at *deraadt@cvs.openbsd.org*
Be firm: Theo will help you, but only if you make it clear that you expect help, and you want it now. (I think that when you contacted CentOS's team, you were sort of beating around the bush. That won't work with the OpenBSD team. Be direct!)
Theo will respect your 22 years of IT experience. And, I think he will be impressed that you worked at Raytheon--wow!
No need to call the FBI to get a response from Theo and his boyz. Enjoy!
--A concerned citizen
Actually, no, he's not claiming that the world owes him something. He's claiming that his act of creation and contribution does not cause him (well, specifically, the OpenSSH developers) to owe anything further to the people who take advantage of their contribution.
That is an entirely different issue.
"From the beginning of history, the two antagonists have stood face to face: the creator and the second-hander. When the first creator invented the wheel, the first second-hander responded. He invented altruism.
"The creator - denied, opposed, persecuted, exploited - went on, moved forward and carried all humanity along on his energy. The second-hander contributed nothing to the process except the impediments. The contest has another name: the individual against the collective." - Howard Roark in The Fountainhead by Ayn Rand.