Slashdot Mirror
Mozilla Foundation Donates $10K to OpenSSH
eklitzke writes to tell us the OpenBSD journal is reporting that the Mozilla Foundation is donating $10,000 USD to the OpenSSH project. This comes as good news after the recent reported financial troubles from the OpenBSD and by extension the OpenSSH team. It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt.
Is this going directly to OpenSSH efforts, or to OpenBSD in general? There's nothing in there that specifically states which.
There has been much talk in the recent past about the difference between wanting to support OpenBSD (and by default, OpenSSH), and just OpenSSH itself. Is it even possible to support 'just' OpenSSH?
Either way, a classy move by the Mozilla Foundation.
Now if you guys can just make Thunderbird stop sucking, I'd be much happier.
Is this something that can be deducted from Income Tax as a charitable donation?
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
"It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt."
Nice to know that some people don't let their personal feelings get in the way of doing what's right.
For clearly demonstrating they are part of the whole community. If other organizations would take the same attitude, we would all be much better for it.
"To those who are overly cautious, everything is impossible. "
"While donations are not US tax deductible as charitable contribution" is what their website says. I guess they don't want to become a true non-profit org for some reason.
How about donating 10K to developers who can fix memory leaks?
Considering the rumors that the foundation makes something close to $72 million? (http://news.zdnet.com/2100-9588_22-6048377.html)
Quoting Chris Blizzard, a board member "I won't comment on the dollar amount, except to say that ($72 million) is not correct, though not off by an order of magnitude...."
Guess any amount is fine...but 10K seems too low, IMHO
It's sad that Cisco isn't on the list...
If an officer ever threatens to taze you, say you have a pacemaker.
This money is coming from the Mozilla Foundation, which makes serious dough from google searches run via the firefox browser's default start page and the default search engine field. So use firefox, hit CTRL-k to search with google, and keep it going.
it's a blue bright blue Saturday hey hey
This just goes to show how little financial support there is for open source projects. Everyone thinks that the F/OSS and contracts will relieve everything, but the truth is, open source software needs all the help that it can get. Mozilla Firefox is one of the few projects that was lucky enough to gain widespread recognition, but in order for open source to survive, we must all work for it, not take it for granted.
You may not realize it, but there are countless of excellent OSS projects out there. Imagine the amount of people that have monetary troubles every single day; now image that as being a lot more difficult, and you will see the struggles of an open source programmer. Advertising and the occassional donation simply ISN'T going to do it. The worst part is, no one has figured out a source for an actual revenue stream. If we don't ensure the survival of an increasingly popular commercial model, we might face another "dotcom" crash--after all, money has to come from somewhere.
That he uses the money to establish a foundation that is equipped to do things like fundraising and marketing. As I said before, being a non-profit is hard as heck, he needs to run it like a business and hire people who have real world non-profit experience. Raising just enough money to get by without committing to major organizational change is extremely shortsighted. Let's also hope that others follow the Mozilla foundation's example.
If you wanna get rich, you know that payback is a bitch
....to those that whine.
Or was that "it's the squeaky wheel that everyone hates until one day they clobber it with a hammer"?
That the crippling vulnerability found a few days ago has not had a major impact on OpenSSH. http://it.slashdot.org/article.pl?sid=06/04/01/142 9232/
The Appleseed Project could use funding. And a foot massage.
Mostly we'll just settle for a foot massage.
Think of it this way, if the median salary for the development team is say $55k/year, plus benefits and taxes, and there are what maybe 4 team members (developers + manager)? You are looking at a cool 1/4 mil per year. Which means that $10k will keep the developers paid for roughly half a month of full time work.
Nothing against OS development, but if you want a professional package, someone has to pay for it.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
You could argue 0 is too low, and even then you would be wrong. Mozilla is already giving much more: The best browser in the world whose development costed a lot more in man-hours and money. They have no obligation whatsoever of giving a dime to bsd any more than you do.
So regardless of how much money the Mozilla foundation makes, if out of their heart, self interest or whatever decide to donate $10k ( or even $10), all you get to say is "thank you", and if you really want to show appreciation, ask "is there anything I can do for you?".
After being fed up with something in Thunderbird (It just started crashing because of a Self Signed Certificate problem) I upgrade to the Latest CVS of 3.0 Alpha 1 and boy howdy it is an upgrade. Even as alpha software I have had less issues with it than I did with 1.5 and most of the annoyances are either made less annoying or don't exsist.
Just an FYI.
It just doesn't instill much confidence in a project if it is so horribly mismanaged financially that they must scream that they will die unless someone just hands them a wheelbarrow full of cash when others make piles of it through creative deals. If all the energy spent flailing around begging for money had been used to figure out a similarly sustainable revenue stream, they'd no doubt end up receiving more donations out of respect for showing a shred of moxie instead of getting a pittance out of pity.
Although I can see how OpenBSD and OpenSSH aren't doing themselves any favors by alienating people with obnoxious comments and general indifference.
Latest example:
A lots of people/companies asked the OpenSSH group to include the ability to include rate limiting due to large SSH user/dictionary attacks being run by script kiddies. One person even WROTE it for them. I believe the OpenSSH group's response was "Not an ssh problem."
Dissappointing.
If you looked through the list of donations on Theo's donations page, it's quite curious that some of the larger commercial interests in the Linux World (RedHat, Novell, etc...) are NOT in there.
Of course, they may have requested no publicity.
This is Slashdot, I'll let you draw your own conclusions here... :)
Ron Gage - Westland, MI
Theo has always stated that it was more difficult to setup a non profit in Canada. There was also recent statements that for international donations it is even more difucult to do. If they were in the U.S. they could more easily accept non profit or 'Not for profit' donations from US residents but then they may run into future crypto export restrictions when they try to export advanced crypto from the US. So they stay in Canada and can do what every then need to do to keep OpenBSD, OpenSSH, OpenNTPD, OpenBGP & OpenCVS as secure as they can without worrying about politician whims on crypto export matters.
I've noticed some undue emphasis placed on OpenSSH & OpenSSL. They are GREAT packages, but not the only thing people benefit from. Don't forget, that nearly every commercial operating system has pilfered code from the BSD projects.
EVERYBODY should contribute, especially the companies that have profited from the hard work of the team.
Thanks MFD :)
Given how it's built on OS software and undoubtably leverages openSSH, the question is:
When is Google gonna step up?
OpenBSD project. The Mozilla Foundation made a $10K donation to the OpenBSD project in support of development of OpenBSD, OpenSSH, and related activities. The OpenBSD project does great work in the area of creating a secure Unix-like operating system (which runs Firefox, of course) and developing related security technologies. In particular the Mozilla project uses SSH extensively for various purposes, including securing connections to the Mozilla CVS repository. The OpenBSD and OpenSSH projects have been experiencing some financial difficulties, and based on their importance to the Mozilla project and to the wider open source and free software world we felt that it was well worth showing our support for them.
(So where's my thread?)
Any technology distinguishable from magic is insufficiently advanced.
It's not surprising that large businesses won't donate to "OpenBSD" or "OpenSSH"; just look at the project's donation pages and see who you have to write the checks to. That's right, "Checks made out to OpenSSH cannot be deposited"; you are giving your money to Theo personally.
Now, you don't have to ask around much to find out how that money is handled. Hell, some of it seems to literally go under his mattress. What's it get spent on then? Maybe OpenBSD, maybe beer and a giant new SUV; how do you really know? A charity would be required to do actual bookkeeping about its donations, but then again maybe now it's a little more clear why OpenBSD isn't a charity, unlike all the other major open-source projects.
A question worth asking: is it legal for Mozilla Foundation, a 501(c)3 charity, to give donations other people made to *it* to Theo personally, when they know (or would have to be negligent to not know) how the money will be handled when it gets there -- that there is no guarantee it will actually be spent to further MozF's charitable purpose?
If they're essentially laundering money for a non-exempt entity (heh, "entity"; I guess a person and his beer fund are an "entity") MozF could get in a lot of trouble. It's not hard to see why more careful donors steer clear.
(Of course, what do you really expect from a project^H^H^H^H^H^H^H^H^Hbeer fund whose principal fund-raising tactic is to threaten to abandon this or that unless you send cash to the *person* in charge? None of the other major open-source projects do that either. Go figger. Sigh.)
http://marc.theaimsgroup.com/?t=114312315700005&r= 1&w=2
There has been such a great soap opera on this on the OpenBSD mailing list.
It's nice to see mozilla.org donate some cash but the real money should be coming from IBM, Redhat, Cisco and all the other vendors that bundle OpenSSH into their products. Somewhere in that post is a link to an email chain where IBM demanded Theo fix a bug that was in OpenSSH. (I believe the bug was fixed in a more recent version of OpenSSH then they were bundling.)
Sure, they could change the license for OpenSSH and start making money off it but that's missing the point of what the BSD license is all about.
It costs a lot of money to run that project and keep ahead of the jerks who are trying to break into your systems every day.
If you use products from vendors that have OpenSSH bundled in them and they aren't on http://www.openbsd.org/donations.html then send them an email and ask them to give regularly. that's the only thing we can do to help keep us safe on this hostile internet!
GO PUFFY
I seem to recall RMS getting a 'genius grant' a while back. IIRC, those grants come with no strings, not traceability, and aren't conditional upon the recipient being tax-exempt. Basically, the idea seems (I know this sounds nutty) that people who are passionate about something and have made it their life's work will take such gifts in the spirit intended by the giver.
Now, I may be wrong, but I do not recall a flamefest back then about how that anticapitalist hippie Stallman would just spend the money on pizza and T-shirts. Why is it, then, that when the Mozilla group seeks to fund OpenSSH, the standard seems to be different?
This is 10% of their target just from one donor -- not even counting all the people who've donated smaller amounts.
I don't see Apple there either. Don't Apple use BSD and ssh ?
Darwin is based on FreeBSD, not OpenBSD -- though I must admit, I have no idea how much cross-pollination there is among the *BSDs -- but like most of the civilized world, they do use OpenSSH.
I guess they don't want to become a true non-profit org for some reason."
;)
Maybe not an official IRS-sanctified one. But I think they're a true non-profit, more so than they'd like. I promise to give them some money once I start *making* money again rather than spending it all on school
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Get a ton of money for a support contract then send your client, not support staff, not in house developers, your client to the dev mailing list for a fix, on a project where you have not shown the least bit of good will, fuck you.
Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
Is "Charity". CCRA registered Charities may issue tax receipts for dontations, and are exempt from income tax. Anything less then a registered charity, so far as the CCRA is concerned, is just another business and subject to regular tax rules. Tax on $0 profit is $0, it is illogical to have a special class for "non profits"
Non-profit groups are usually registered as a "Society" under provincal law. Such registration may or may not change their provincal tax status.
I thought the point was Theo wants people to use his software. News flash, these guys are using his software.
If the whole point is that people will willingly donate, then why bitch when they don't donate? It means they aren't willing to donate.
Red Hat has its money because it did things Theo didn't. Sorry to break it to you.
However, postingwithout backing it up is kinda trollish. I'd be interested in seeing the information whose existence is implied by that statement.
Procrastination -- because good things come to those who wait.
Is it really so hard to figure out? Here are a couple of simple hints:
1) When the MacArthur Foundation asks for your money, they tell you it's going to genius grants -- and it does.
2) When the Mozilla Foundation asks for your money, they tell you it's going to Mozilla -- and, usually, it does.
So far, so good. These two things have a "charitable purpose" and they at least try to tell you the truth about what they're doing before you give them cash.
3) When "OpenSSH" asks for your money, they tell you it's going to OpenSSH development -- but actually it just goes into Theo's pocket, and *some* of it comes out for "OpenSSH development". It is simple to see this if you're not the super-credulous type because, unlike any other big organized open source project, for this one you...hmmm....have to write a check to Theo, personally? "gee that's strange".
The main reason charities are regulated is so that they can't lie to you about where your money's going to go. Not so complicated, is it? Part of that regulation, which exists to protect you is that they can't just give your money to Joe Blow for fast cars and bad cocaine unless they told you that was what they were going to do with it.
All the other major open source projects are charities. If you're not feeling so credulous any more you might start wondering why OpenBSD/OpenSSH is the only one with a bunch of excuses at the bottom of their donations page about why they need to hide from the accountants.
Suck it netcraft!
"Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
Well, look: I could describe precisely how I know this, and you could just say I was making it up (which is what you seem to be implying above -- which is understandable, but it's not the case). Really, all I can suggest is that you ask around yourself: there are plenty of people who can confirm this kind of detail for you who no longer have quite so much of their egos tied up in OpenBSD that they'd keep their mouths shut any more.
You can quite simply confirm that the checks have to be made out to Theo personally by looking at the OpenBSD donations web page: http://www.openbsd.org/donations.html -- unless they change it again while this discussion's going on, as they seem to be doing in response to comments here.
Of course, the one thing they don't change is that the money goes to Theo, not to any kind of entity with any kind of financial controls -- like *every other major open source project* uses.
I'm new here. Is OpenBSD an Open Source version of the Blue Screen of Death?
There's equipment costs (some gets donated, some doesn't: some of the vendors who use OpenSSH produce equipment which isn't well-supported by OpenBSD - this could probably be turned around by some judicious hardware donations and maybe a bit of assistance with docs). Around $5000/year goes on electricity. More goes on hackathons. This is all easily publically-available information, and is good enough for the many many individuals and small businesses who donate. Why should larger users who stand to make much more from the software be any less-trusting than the individuals who probably donate a much higher % of their income than the larger users would donate anyway?
Sure donation's not *required*...but where's the future cool stuff these companies can bundle for free going to come from if potential developers see how the large companies treat people whose open-source work they already profit from?
Looks like you got some rose tinted glasses. Ideally, this is how things work. However, in most cases, people just download the stuff and use it for free. I've seen many companies including large corps and govt use open source stuff and not give back anything, in terms of QA/code/money or anything. That's the case for most projects. Most people just "leech".
There is the odd project that does get some contributors anf financial support (apache, mozilla and such), but most just wish for donations and never get any. Whereas in the closed source world, if your product is good (and known), then the revenue stream is never really an issue (I've had no problems making a good living at it at least). Hoping for donations and expecting people to do free work (coding/patches/QA/bug reports/whatever) quite often doesn't work. At all. They're just interested in the 0$ price tag. Those interested in paying money [like to support a project], usually just buy commercial software instead. (Yes, I've tried open sourcing a project once, and no, I didn't get any support whatsoever).
IBM, Red Hat, Novell, etc. already contribute to open source. Red Hat pays kernel devs! Novell has worked on XGL. If OpenSSH developers all suddenly decided to quit because of IBM, Red Hat, Novell, etc's lack of generosity, gratitude, and groveling, then someone would pick up the development and maintenance of this critical project. But I don't care if these giants don't give one dime to OpenSSH. They can only be expected to do what is in their best interest, and apparently they've decided that doesn't include giving to OpenSSH. I don't see why they should be expected to make pro rata contributions to every one of the THOUSANDS of open source projects that comprise any Linux distribution.
Penny - plain text accounting
Open source helping open source is what open source is all about.
This is like donating to the EFF, then finding out that the money was redirected to PETA. That's just plain offensive.
EFF and PETA are political organizations with specific ideologies. Mozilla, OpenBSD and OpenSSH are apolitical volunteer SOFTWARE PROJECTS! Sheesh.
Don't blame me, I didn't vote for either of them!
Software Freedom Conservancy offers nonprofit umbrella to free and open source projects
see this groklaw page for entire article http://www.groklaw.net/article.php?story=200604011 21120517
Here's yet another creative idea to protect FOSS developers. The Software Freedom Law Center has launched the Software Freedom Conservancy, which is designed to permit certain projects accepted as members, such as Wine, uClibc and BusyBox currently, to apply for and then benefit from nonprofit tax-exempt status. The Conservancy does all the onerous paperwork needed to set it up and run that way.
It does the paperwork and it provides the umbrella. It will file one tax return covering all members' projects, and it will handle the other corporate and tax issues that are associated with becoming a nonprofit and then operating as one, as well as holding project assets and managing them as the project directs. That leaves projects members free to code. It's a free service, if your project is accepted as a member.
This is pretty generous but it reminds me of that new movie coming out about 9/11 and the company who made it is donating 10 percent, of the profits to the families of 9/11 I assume 10 percent divided equally among the thousands. Now that is generous, but could they have made it 11-100 percent instead? After all they are making money on the tragic event. Anyway off topic, donate more you not for profit organization who pays no taxes. You do good things but you seem to be slowing down I guess because all your important programers are making lots of money for big companies, such as google.
I want spam! cranbers@gmail.com
This post doesn't deserve a troll...
/\/\icro/\/\uncher
The ability to read maildirs would be more than just a plugin since it'd need some backend support. A lot of message handling and envelope parsing and stuff happens in the actual binary, and that's all geared for the internal mailbox format/pop/imap.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It might be possible to re-write parts of Mozilla/Firefox to remove bloat and increase performance by creating a NSPR-lite (essentially a shim on top of standard POSIX stuff)... and removing parts of Firefox or Mozilla that rely on weird NSPR features.
By being largely compatible with NSPR while not re-inventing the wheel, hopefully one can leverage the improvements that have been made in many platforms' standard libraries over the years.
I mean, it still allows for OS9 and Windows 9x compatibility (and at one point it had support for Win 3.1). I'm sure we can lose any relevant code and renormalize the baseline behaviors to match more modern thread behavior/memory allocation/networking feature-set assumptions...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The Mozilla Foundation's mission is to "promote choice and innovation on the internet". When you donate to them, you're giving money to further that mission.
Choice is not limited to simply web browsers. Without Free OSes, you can't connect to the internet in a Free way. As an established, mature project that is having only monetary difficulties (not community difficulties), OpenBSD is an obvious choice to give money to.
As a group that develops OpenSSH and provides security audits, OpenBSD is also obviously helping innovation (not necessarily by making new features, but by making sure the ones there work well). Once again, it makes perfect sense for the Mozilla Foundation to, in the course of "promoting choice and innovation on the internet" to donate to them.
There are 11 types of people in the world: those who can count in binary, and those who can't.
you should really run `ident' on userland, i don't know if it's still the case, but lots of code came from OpenBSD.
They don't want to because of the huge administrative overhead that incurs. Theo'd much rather work on the next feature or security audit than on handling that.
It's significant but not insurmountable. If they want a serious income (like being able to pay 10 developers) from donations they can definitely afford to hire an accountant to take care of this for them.
Of course, you're free to set up your own non-profit "Friends of OpenBSD" foundation if you want to.
That's a great idea.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Uh, I hate to tell you, but it's all the same people. If you read the OpenSSH project is prettypage it states "OpenSSH is developed by the OpenBSD Project." So yes, you do have a need to support the OpenBSD project if you want them to continue to develop OpenSSH.
Sure it's the same people. But those same people can spend their project hours working on A, B, C, D or OpenSSH. If A and B are required for OpenSSH, that's part of OpenSSH. If C and D are part of OpenBSD and have nothing to do with OpenSSH (say the OpenBSD packet filter and an implemenation of grep) it's fair that someone who only uses OpenSSH and wants to contribute a large sum of money would be able specify the kind of code that gets worked on for that money. It's not as if OpenSSH is "done" and in maintenance mode - the more hours worked on it the more features that the donater will see.
This is a common arrangement - somebody gives you money in exchange for getting to tell you want to work on. None of my clients say, "here's a bunch of money - see if you can't figure out something keen to do with it."
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
When I donated to Mozilla, I didn't want to donate to the OpenSSH project. As far as I know, I've never used it.
Why are Mozilla giving away the money I donated to them to a project I'm not interested in?
What does Mozilla benefit from the donation?
Seriously. Theo needs to see this. No more excuses.
once you go slack, you never go back
The problem isn't the method, its the destination. You've said it yourself good enough for the many many individuals and small businesses who donate. Large businesses won't donate until the check is going to a recognized non-profit, not a personal checking account.
once you go slack, you never go back
I'd like to comment on two other ways (besides OpenSSH) that I am going to benefit from OpenBSD - even though I do not directly use OpenBSD.
s rc/sys/dev/pci/if_nfe.c?rev=1.53&content-type=text /plains rc/sys/dev/nve/if_nve.c?rev=1.7.2.8&content-type=t ext/plain
... ...
s rc/sys/pci/if_rl.c?rev=1.145.2.4&content-type=text /plain ...betray obvious programmer frustration: ... and ...
s rc/sys/dev/pci/if_rl_pci.c?rev=1.12&content-type=t ext/plain
I have two computers - each running FreeBSD. One has an nVidia ethernet device that runs klunk-ily. It times out a lot and generally lags in its response time. The other has a cheap Realtek card that behaves the same way - although when it times out it never recovers - even if I unload and reload the driver module.
FreeBSD beat OpenBSD to the development of these drivers; but when OpenBSD had them ready for release (i.e., they were sufficiently proud of the result) they produced better code and (probably) tighter performance.
I fully expect the superior code for these devices to find its way into FreeBSD very shortly.
The OpenBSD nVidia code is here:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/
and the FreeBSD version is here:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/
Notice the comment in the FreeBSD version that the driver is linked to the nVidia proprietary driver:
* In accordance with the NVIDIA distribution license it is necessary to
* link this module against the nvlibnet.o binary object included in the
* Linux driver source distribution. The binary component is not modified in
* any way and is simply linked against a FreeBSD equivalent of the nvnet.c
* linux kernel module "wrapper".
The OpenBSD version is self-contained and open... obviously a far more desireable approach.
The comments in the FreeBSD version of the RealTek driver:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/
* The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
* probably the worst PCI ethernet controller ever made,...
* You know there's something wrong with a PCI bus-master chip design
* when you have to use m_devget().
It's still nice looking code.
The OpenBSD device driver:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/
is real tight. The programmer agrees with the FreeBSD device programmer but he makes no excuses.
* Default to using PIO access for this driver. On SMP systems,
* there appear to be problems with memory mapped mode: it looks like
* doing too many memory mapped access back to back in rapid succession
* can hang the bus. I'm inclined to blame this on crummy design/construction
* on the part of RealTek.
Really, one just have to assume this. When there is no accountability there is room for abuse. I don't know Theo personally. he may have problems with drugs or alcohol abuse or gambling debts or has to pay his former spouses whatever.
US-UK-Israel: The real Axis of Evil