Mozilla Foundation Donates $10K to OpenSSH

eklitzke writes to tell us the OpenBSD journal is reporting that the Mozilla Foundation is donating $10,000 USD to the OpenSSH project. This comes as good news after the recent reported financial troubles from the OpenBSD and by extension the OpenSSH team. It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt.

Contribution made to OpenSSH or OpenBSD?

[Tumbleweed]

Is this going directly to OpenSSH efforts, or to OpenBSD in general? There's nothing in there that specifically states which.

There has been much talk in the recent past about the difference between wanting to support OpenBSD (and by default, OpenSSH), and just OpenSSH itself. Is it even possible to support 'just' OpenSSH?

Either way, a classy move by the Mozilla Foundation.

Now if you guys can just make Thunderbird stop sucking, I'd be much happier.

Re:Contribution made to OpenSSH or OpenBSD?

For something like this, no, you cannot effectively donate JUST to OpenSSH. Even if you could specify this *specific* amount of money is to be used for that project, if they wanted to they could just allocate that much less of their own money.

Re:Contribution made to OpenSSH or OpenBSD?

[dizzy+tunez]

Its going to both. OpenBSD and OpenSSH share the money. (Which is fine by me, since its the same dudes who makes the code to both projects)

Re:Contribution made to OpenSSH or OpenBSD?

[dsginter]

Is this going directly to OpenSSH efforts, or to OpenBSD in general?

This is going directly to Theo's "free as in beer" fund.

Re:Contribution made to OpenSSH or OpenBSD?

[Syberghost]

The Slashdot post is misleading; they donated to the OpenBSD project in general, not one specific subproject within it. Doing that would open up a can of auditing worms that wouldn't be in anybody's best interest.

Re:Contribution made to OpenSSH or OpenBSD?

[Theatetus]

Is this going directly to OpenSSH efforts, or to OpenBSD in general?

Since they're the same team, any donation is pretty much fungible (ie, $10,000 "for OpenSSH" still means Theo has $10,000 now freed up for OpenBSD, if that's how he sees the need to allocated it).

Re:Contribution made to OpenSSH or OpenBSD?

[C_Kode]

I brought this up in a "Ask Slashdot" a few days ago. (still pending) I'm a huge OpenSSH fan, but I do not use OpenBSD. I mainly use Linux for several reasons that I don't need to explain here. While I like OpenBSD I don't have a need to support OpenBSD. On the other hand I do use and would donate money to OpenSSH. The problem is, like so many of the children's charities among others. You donate $x amount of dollars and in the end not even a 4th of it goes to what you donated too. I wish OpenBSD lots of luck, but my interest lies only with OpenSSH and thats where I want my money to go.

A quote from the donations page:

Simply send a donation cheque in CDN/US/EUR funds made out to Theo de Raadt, since cheques made out to "OpenBSD" cannot be cashed.

There isn't a entity setup for OpenBSD or any other of their projects it seems. It's questionable what actually happens with the money donated.

Re:Contribution made to OpenSSH or OpenBSD?

[aaronl]

OpenSSH development is tied with OpenBSD because the project is *part* of OpenBSD. People just took the time to code it to be portable, and some effort is made to make sure that it works on other Unix platforms. It is more useful that way.

What you want is much like saying that you want to donate to Thunderbird, but not have the money go to the Firefox crew, as you only use Thunderbird. The same foundation is working on both, so the money goes to the group as a whole.

And yes, de Raadt really should set up a non-profit for OpenBSD, under the OpenBSD name.

Re:Contribution made to OpenSSH or OpenBSD?

[Just+Some+Guy]

I'm a huge OpenSSH fan, but I do not use OpenBSD.

Yes, you do, if you use any of the software that they ship as part of the base install. They've put thousands of hours into auditing all those and submitting their changes upstream.

Basically, you're donating to a team who audits and secures a lot of software, some of which they write in-house. It's not meaningful to ask them to work on only your pet project since none of it stands in isolation. For example, suppose that their new memory allocator shows an error in OpenSSH. Was the fix part of their ongoing authorship of OpenSSH, or would you credit it to the memory allocator project?

Re:Contribution made to OpenSSH or OpenBSD?

[freshman_a]

While I like OpenBSD I don't have a need to support OpenBSD. On the other hand I do use and would donate money to OpenSSH.

Uh, I hate to tell you, but it's all the same people. If you read the OpenSSH project is prettypage it states "OpenSSH is developed by the OpenBSD Project." So yes, you do have a need to support the OpenBSD project if you want them to continue to develop OpenSSH.

There isn't a entity setup for OpenBSD or any other of their projects it seems. It's questionable what actually happens with the money donated.

I'm sure they squander all the money on booze and hookers. Pardon the sarcasm, but it's pretty much the same as if you sent Linux a check to help support the Linux project. And if you check out the donations page, there's quite a list of names there. I'm sure if something fishy was happening to the money, someone would have noticed by now. Besides, the OpenBSD project is basically Theo's baby. Why would he jepordize it by not being honest?

Re:Contribution made to OpenSSH or OpenBSD?

[Doctor+Memory]

I'm sure they squander all the money on booze and hookers.

So OpenBSD's doing some marketing now? It's about time!

Re:Contribution made to OpenSSH or OpenBSD?

[fimbulvetr]

It's not meaningful to ask them to work on only your pet project since none of it stands in isolation

I'd say it just became a whole helluva lot more meaningful if he's willing to pay for one and not the other. Money talks, open source or not.

Re:Contribution made to OpenSSH or OpenBSD?

[Just+Some+Guy]

I'd say it just became a whole helluva lot more meaningful if he's willing to pay for one and not the other. Money talks, open source or not.

Money may talk, but you're asking it to speak gibberish. Again, there's no clear separation between OpenBSD and the OpenSSH subproject. The whole idea is like telling a C++ programmer that you want him to work on function foo(), but not class Bar which it's a part of.

Re:Contribution made to OpenSSH or OpenBSD?

[Slithe]

>> For something like this, no, you cannot effectively donate JUST to OpenSSH.

Here is a simple solution: look in the CREDITS file of the OpenSSH and find the developers who are responsible for the areas in which you desire some improvements and email them with offers to provide them money, hardware, or whatever they need to improve OpenSSH.

For the sake of convenience, here is the CREDITS file to OpenSSH-4.3p1

Tatu Ylonen - Creator of SSH; Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,; Theo de Raadt, and Dug Song - Creators of OpenSSH; Ahsan Rashid - UnixWare long passwords; Alain St-Denis - Irix fix; Alexandre Oliva - AIX fixes; Andre Lucas - new login code, many fixes; Andreas Steinmetz - Shadow password expiry support; Andrew McGill - SCO fixes; Andrew Morgan - PAM bugfixes; Andrew Stribblehill - Bugfixes; Andy Sloane - bugfixes; Aran Cox - SCO bugfixes; Arkadiusz Miskiewicz - IPv6 compat fixes; Ben Lindstrom - NeXT support; Ben Taylor - Solaris debugging and fixes; Bratislav ILICH - Configure fix; Charles Levert - SunOS 4 & bug fixes; Chip Salzenberg - Assorted patches; Chris Adams - OSF SIA support; Chris Saia - SuSE packaging; Chris, the Young One - Password auth fixes; Christos Zoulas - Autoconf fixes; Chun-Chung Chen - RPM fixes; Corinna Vinschen - Cygwin support; Dan Brosemer - Autoconf support, build fixes; Darren Hall - AIX patches; Darren Tucker - AIX BFF package scripts; David Agraz - Build fixes; David Del Piero - bug fixes; David Hesprich - Configure fixes; David Rankin - libwrap, AIX, NetBSD fixes; Dag-Erling Smørgrav - Challenge-Response PAM code.; Dhiraj Gulati - UnixWare long passwords; Ed Eden - configure fixes; Garrick James - configure fixes; Gary E. Miller - SCO support; Ged Lodder - HPUX fixes and enhancements; Gert Doering - bug and portability fixes; HARUYAMA Seigo - Translations & doc fixes; Hideaki YOSHIFUJI - IPv6 and bug fixes; Hiroshi Takekawa - Configure fixes; Holger Trapp - KRB4/AFS config patch; IWAMURO Motonori - bugfixes; Jani Hakala - Patches; Jarno Huuskonen - Bugfixes; Jim Knoble - Many patches; Jonchen (email unknown) - the original author of PAM support of SSH; Juergen Keil - scp bugfixing; KAMAHARA Junzo - Configure fixes; Kees Cook - scp fixes; Kenji Miyake - Configure fixes; Kevin Cawlfield - AIX fixes.; Kevin O'Connor - RSAless operation; Kevin Steves - HP support, bugfixes, improvements; Kiyokazu SUTO - Bugfixes; Larry Jones - Bugfixes; Lutz Jaenicke - Bugfixes; Marc G. Fournier - Solaris patches; Mark D. Baushke - bug fixes; Martin Johansson - Linux fixes; Mark D. Roth - Features, bug fixes; Mark Miller - Bugfixes; Matt Richards - AIX patches; Michael Steffens - HP-UX fixes; Michael Stone - Irix enhancements; Nakaji Hiroyuki - Sony News-OS patch; Nalin Dahyabhai - PAM environment patch; Nate Itkin - SunOS 4.1.x fixes; Niels Kristian Bech Jensen - Assorted patches; Pavel Kankovsky - Security fixes; Pavel Troller - Bugfixes; Pekka Savola - Bugfixes; Peter Kocks - Makefile fixes; Peter Stuge - mdoc2man.awk script; Phil Hands - Debian scripts, assorted patches; Phil Karn - Autoconf fixes; Philippe WILLEM - Bugfixes; Phill Camp

- login code fix; Rip Loomis - Solaris package support, fixes; Robert Dahlem - Reliant Unix fixes; Roumen Petrov - Compile & configure fixes; SAKAI Kiyotaka - Multiple bugfixes; Simon Wilkinson - PAM fixes, Compat with MIT KrbV; Solar Designer - many patches and technical assistance; Svante Signell - Bugfixes; Thomas Neumann - Shadow passwords; Tim Rice - Portability & SCO fixes; Tobias Oetiker - Bugfixes; Tom Bertelson's - AIX auth fixes; Tor-Ake Fransson - AIX support; Tudor Bosman - MD5 password support; Udo Schweigert - ReliantUNIX support; Wendy Palm - Cray support.; Zack Weinberg - GNOME askpass enhancement; Apologies to anyone I have missed.; Damien Miller ;

Re:Contribution made to OpenSSH or OpenBSD?

[thc69]

On a sufficiently cold day, would that be a "slush fund"?

Re:Contribution made to OpenSSH or OpenBSD?

How much does OpenBSD donate to the third party software devs that they use?

The system includes the following major components from outside suppliers:

        * X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org)
        * Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
        * Perl 5.8.6 (+ patches)
        * Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
        * OpenSSL 0.9.7g (+ patches)
        * Groff 1.15
        * Sendmail 8.13.4, with libmilter
        * Bind 9.3.1 (+ patches)
        * Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
        * Sudo 1.6.8p9
        * Ncurses 5.2
        * Latest KAME IPv6
        * Heimdal 0.7 (+ patches)
        * Arla 0.35.7
        * Binutils 2.15 (+ patches)
        * Gdb 6.3

Re:Contribution made to OpenSSH or OpenBSD?

[ignorant_newbie]

> How much does OpenBSD donate to the third party software devs that they use?

see where it says "+ patches" in your list?that's when they contribute fixes for problems in the software. They then notify the project that actually owns the software, who can then use the patches too. This is probibally more useful than sending money.

Re:Contribution made to OpenSSH or OpenBSD?

[SigILL]

it's more likely he'll buy lots and lots of noodles or cola with it.

Or pay the electricity bill. It's about $5000 a year.

Re:Contribution made to OpenSSH or OpenBSD?

[nacturation]

Also remember to donate to Slashdot so they can pay a developer to add the BSD section back to the sections list on the left. ;-)

Re:Contribution made to OpenSSH or OpenBSD?

[vuud]

And yes, de Raadt really should set up a non-profit for OpenBSD, under the OpenBSD name.

Not as easy as one might think - especially when dealing internationally. I personally know of one instance where a very large company in the UK gave up trying to form a non-profit in the U.S. because of all the tax issues. They just gave up and pulled out.

Anyway, probably a non-profit in canada may not be recognized as a non-profit in Boliva, etc...

It's been discussed on misc a few times.

Re:Contribution made to OpenSSH or OpenBSD?

[linzeal]

No matter how much you pay the hooker she can't do your C++ homework for you, I've tried.

Re:Contribution made to OpenSSH or OpenBSD?

[clymere]

Pardon the sarcasm, but it's pretty much the same as if you sent Linux a check to help support the Linux project.

This is where you're wrong. The Linux kernel, and virtually every other large open source project is funded through officialy recognized organizations of one sort or another. Nobody is making checks out to Linux Torvalds personal checking account.

The issue of whether or not Theo is going to squander the money is irrelevant. Many organizations, in particular large corporations with deep pockets, simply CAN'T support a project like OpenBSD by cutting a check to an individuals personal account. Not only is it going to be against company policy, they can't claim it as a deduction on their taxes because it went to an individual, not a recognized non-profit.

Large companies like IBM set aside a certain portion of their budget each year to donate to these kinds of causes...probably just for the tax deductions. Since they are already planning it, getting them to throw some your way is easier than you'd think. But asking to write you a personal check goes outside of that established system, and creates a whole lot more work for them.

Does it make sense to make it harder for someone to GIVE you money? No.

If Theo wants donations on a large scale, he will need to get that taken care of eventually. Everyone else has.

Re:Contribution made to OpenSSH or OpenBSD?

[uncanny]

also donate to the victims of the slashdot effect!

Serious question.

[AltGrendel]

Is this something that can be deducted from Income Tax as a charitable donation?

Re:Serious question.

[iamdrscience]

Is this something that can be deducted from Income Tax as a charitable donation?

No because they are not a registered non-profit organization, you cannot deduct contributions to them from your taxes. Honestly, I can't think for the life of me why they haven't become a non-profit yet. I mean, it's somewhat of a hassle yes, but I'm sure the benefits would be worth it. Both NetBSD and FreeBSD have set up non-profit foundations (DragonFly BSD has not).

Seriously, not having non-profit status is certainly part of why they're having trouble getting funding. It means that any contribution made to them is taxed (so they're not able to use all the money that is given to them) and I'm sure it makes companies less likely to donate to them as well because they're not able to deduct their contribution from their taxes either. I mean, I'm not saying this is the silver bullet that would solve their funding problems, but it's certainly part of it and I think it's a bigger part than they realize.

Re:Serious question.

[Scott+Wunsch]

Honestly, I can't think for the life of me why they haven't become a non-profit yet.

They may well be. However, they're also Canadian. That means:

1. Just incorporating as a non-profit isn't enough. They'd also have to register as a charity, and in Canada, that means a lot of paperwork, and a lot of restrictions.
2. I'm not sure how international donations work for tax purposes, but I bet it still wouldn't be easy for Americans to write off their donations, even if OpenBSD were set up as a Canadian charitable organization.

Re:Serious question.

[dghcasp]

> Honestly, I can't think for the life of me why they haven't become a non-profit yet.

Well, there are two obvious answers; your choice may depend on your feelings about Theo...

1. OpenBSD is based in Canda. That's what lets them get around the US ITAR restrictions on strong encryption. But, on the other hand, if they set up a non-profit, they would only be able to give deductions off Canadian taxes, which doesn't help companies in the U.S. Incorporating as a non-profit in the US and transferring all the money to Canada would require dual taxation returns (which are a pain) and might affect the Non-Profit status in the U.S.
2. Right now, their donations page says "Make cheques out to Theo." If they incorporated in any way, they would need to have, for government purposes, an official set of accounting books, which might prove less, ehm, "personally beneficial" to Theo.

Nothing personal

"It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt."

Nice to know that some people don't let their personal feelings get in the way of doing what's right.

Congratulations to the Mozilla Foundation

[stox]

For clearly demonstrating they are part of the whole community. If other organizations would take the same attitude, we would all be much better for it.

Re:Congratulations to the Mozilla Foundation

I disagree. Donations to the Moz foundation should go toward work on improving the broswer. It's not their place to redirect donations.

Re:Congratulations to the Mozilla Foundation

[JFitzsimmons]

I wonder how many security patches OpenBSD has submitted to the mozilla project. I don't know, but this point makes the argument swing both ways. In theory, any software that runs on OpenBSD has to be audited for security, and any changes can be submitted upstream. Perhaps OpenBSD is doing more work for the Mozilla foundation than you might originally think.

Re:Congratulations to the Mozilla Foundation

[Kelson]

1. Given that Mozilla does acutlaly have a revenue stream in addition to donations, what makes you think that $10K is all redirected donations?

2. Given that "the Mozilla project uses SSH extensively for various purposes, including securing connections to the Mozilla CVS repository," perhaps supporting further development of OpenSSH might be considered important for continued development of the browser?

What about other uses of money that aren't directly "improving the browser?" Would it be acceptable for MoFo to buy new servers for download mirrors? Support forums? How about Windows licenses or Mac hardware for development workstations, build boxes, and QA?

3. While we're at it, what is it with the donate-but-with-strings-attached attitude these days?

NO

[DAldredge]

"While donations are not US tax deductible as charitable contribution" is what their website says. I guess they don't want to become a true non-profit org for some reason.

Re:NO

[DevanJedi]

This is true- unless he attached a note saying "Sell the Picasso!"

Re:NO

[Geekboy(Wizard)]

You cannot take advantage of a Non-Profit status in Canada, on your taxes in the US.

Re:NO

[SigILL]

I guess they don't want to become a true non-profit org for some reason.

They don't want to because of the huge administrative overhead that incurs. Theo'd much rather work on the next feature or security audit than on handling that.

Of course, you're free to set up your own non-profit "Friends of OpenBSD" foundation if you want to.

Isn't 10K too low?

[guyfromindia]

Considering the rumors that the foundation makes something close to $72 million? (http://news.zdnet.com/2100-9588_22-6048377.html)
Quoting Chris Blizzard, a board member "I won't comment on the dollar amount, except to say that ($72 million) is not correct, though not off by an order of magnitude...."
Guess any amount is fine...but 10K seems too low, IMHO

Cisco

[porkThreeWays]

It's sad that Cisco isn't on the list...

Trace the source

[quokkapox]

This money is coming from the Mozilla Foundation, which makes serious dough from google searches run via the firefox browser's default start page and the default search engine field. So use firefox, hit CTRL-k to search with google, and keep it going.

This just goes to show...

[TechnoGuyRob]

This just goes to show how little financial support there is for open source projects. Everyone thinks that the F/OSS and contracts will relieve everything, but the truth is, open source software needs all the help that it can get. Mozilla Firefox is one of the few projects that was lucky enough to gain widespread recognition, but in order for open source to survive, we must all work for it, not take it for granted.

You may not realize it, but there are countless of excellent OSS projects out there. Imagine the amount of people that have monetary troubles every single day; now image that as being a lot more difficult, and you will see the struggles of an open source programmer. Advertising and the occassional donation simply ISN'T going to do it. The worst part is, no one has figured out a source for an actual revenue stream. If we don't ensure the survival of an increasingly popular commercial model, we might face another "dotcom" crash--after all, money has to come from somewhere.

Re:This just goes to show...

[99BottlesOfBeerInMyF]

The worst part is, no one has figured out a source for an actual revenue stream.

Where do people get ideas like this? Revenue comes from the same place as most software, the end users. How many people does IBM pay to work on open source software they use internally? When companies want features added, customization, or support for open source software they pay someone to provide it. It is not like this is anything new. Right now I work for a company that sells hardware with a lot of customized, closed source software on it. The boxes also include a lot of open source software on them. They run Linux or a BSD as the OS and make use of lots of popular server software. We do our development using mostly open source tools. What happens when we find a bug in something? We report it. That is free QA work. Sometimes we fix it; free coding. Sometimes we need more functionality; again free coding.

That is all work our company paid someone to do and went into open source projects. That money comes from our investors and customers. So you might say, "so what?" That is only 40-50 engineers spending maybe 5% of their time. But that is what we need, so that is what we do. There are thousands of companies out there, of all sizes, doing the same thing. Some contribute a few hours a month from one developer and some hire people full-time to just improve a project, help steer the project's direction, and be an in-house expert on it. The developers are being paid. The code is being written. The end users are getting a very good deal. That is the primary business model of open source software, and it has been working for decades.

P.S. more people would donate to Theo's cause if he could establish a proper non-profit for the US.

Re:This just goes to show...

[BigZaphod]

How can there be a dotcom crash of OSS? Most everyone involved in producing the stuff does it with the foreknowledge that there isn't any money in it directly - and yet they persist. That's because many people are driven more by a need to create than a need to make money. You see that in the extreme with the classic "starving artist" and a lot of the best OSS hackers fit in that same category. They do what they do for the love of it or because there's some kind of deep internal drive to create their visions. No it doesn't put food on the table, but that's often not the point. The beauty of OSS is that even if one author stops due to the demands of real life and the need to eat, their contributions are public and visible for the next hackers to step up and take over. OSS doesn't necessarily work as a model to sustain one individual; instead it works at a level above that - it is the currency of a culture.

Let's hope

[bogie]

That he uses the money to establish a foundation that is equipped to do things like fundraising and marketing. As I said before, being a non-profit is hard as heck, he needs to run it like a business and hire people who have real world non-profit experience. Raising just enough money to get by without committing to major organizational change is extremely shortsighted. Let's also hope that others follow the Mozilla foundation's example.

Well, I'll give it a shot...

[dominion]

The Appleseed Project could use funding. And a foot massage.

Mostly we'll just settle for a foot massage.

$10,000 doesn't go very far

[RingDev]

Think of it this way, if the median salary for the development team is say $55k/year, plus benefits and taxes, and there are what maybe 4 team members (developers + manager)? You are looking at a cool 1/4 mil per year. Which means that $10k will keep the developers paid for roughly half a month of full time work.

Nothing against OS development, but if you want a professional package, someone has to pay for it.

-Rick

NO

[paulpach]

You could argue 0 is too low, and even then you would be wrong. Mozilla is already giving much more: The best browser in the world whose development costed a lot more in man-hours and money. They have no obligation whatsoever of giving a dime to bsd any more than you do.

So regardless of how much money the Mozilla foundation makes, if out of their heart, self interest or whatever decide to donate $10k ( or even $10), all you get to say is "thank you", and if you really want to show appreciation, ask "is there anything I can do for you?".

Conspiciously absent...

[rongage]

If you looked through the list of donations on Theo's donations page, it's quite curious that some of the larger commercial interests in the Linux World (RedHat, Novell, etc...) are NOT in there.

Of course, they may have requested no publicity.

This is Slashdot, I'll let you draw your own conclusions here... :)

Re:Conspiciously absent...

[SigILL]

some of the larger commercial interests in the Linux World (RedHat, Novell, etc...) are NOT in there.

Of course, they may have requested no publicity.

Nope, they just didn't donate.

Hell, IBM even wanted the OpenBSD team to handle end-user support for one of their high-paying customers for free.

NO (too complex for international donations)

[kneecap]

Theo has always stated that it was more difficult to setup a non profit in Canada. There was also recent statements that for international donations it is even more difucult to do. If they were in the U.S. they could more easily accept non profit or 'Not for profit' donations from US residents but then they may run into future crypto export restrictions when they try to export advanced crypto from the US. So they stay in Canada and can do what every then need to do to keep OpenBSD, OpenSSH, OpenNTPD, OpenBGP & OpenCVS as secure as they can without worrying about politician whims on crypto export matters.

Re:NO (too complex for international donations)

[codemachine]

Setting up a non-profit company in Canada is trivial. Getting it set up so that you can give charitable tax receipts is another thing completely.

Theo really should set up the OpenBSD foundation instead of having cheques go to himself. Even if it isn't set up to give out tax receipts to donors, it would give people a bit more assurance that the money is going towards OpenBSD.

This is great news, however...

[pestilence669]

I've noticed some undue emphasis placed on OpenSSH & OpenSSL. They are GREAT packages, but not the only thing people benefit from. Don't forget, that nearly every commercial operating system has pilfered code from the BSD projects.

EVERYBODY should contribute, especially the companies that have profited from the hard work of the team.

Re:This is great news, however...

[evilviper]

When you have such liberal licensing terms, don't bitch about people not giving back.

Shut up. The BSD license makes it legal for them to turn a profit on the code, without giving any money back (just like the GPL and any other open-source license), but it doesn't make it any less immoral, and it certainly doesn't mean they shouldn't be publicly shamed for it.

Particularly when these companies are full of hot-air about how much they support open source.

Re:Good for Mozilla.

[liliafan]

I can see their point, there are other ways to get around this problem and other tools available to people. OpenSSH is a secure project every feature you add is another potential security hole, so really is makes sense for them to refuse to add this feature, in other instances where there is no other way to workaround this problem the developers would willingly add the code to the project but this particular case has other solutions.

Donation is to OpenBSD, not OpenSSH

[QuietLagoon]

From the Frank Hecker's report of Mozilla foundation activities:

OpenBSD project. The Mozilla Foundation made a $10K donation to the OpenBSD project in support of development of OpenBSD, OpenSSH, and related activities. The OpenBSD project does great work in the area of creating a secure Unix-like operating system (which runs Firefox, of course) and developing related security technologies. In particular the Mozilla project uses SSH extensively for various purposes, including securing connections to the Mozilla CVS repository. The OpenBSD and OpenSSH projects have been experiencing some financial difficulties, and based on their importance to the Mozilla project and to the wider open source and free software world we felt that it was well worth showing our support for them.

Re:Good for Mozilla.

[DeBeuk]

A lots of people/companies asked the OpenSSH group to include the ability to include rate limiting due to large SSH user/dictionary attacks being run by script kiddies. One person even WROTE it for them. I believe the OpenSSH group's response was "Not an ssh problem."

It's not an ssh problem. Connection rate limiting is something you really want to do with a firewalling solution.

Re:Good for Mozilla.

[lactose99]

Considering OpenBSD's pf packet filter already has support for connection rate limiting (and it works quite nicely), I'm inclined to agree with them. You could always run sshd via inetd or xinetd for connection limiting if needed.

Thunderbird

[Noksagt]

I can't compose messages in plain text?

As replied to you: yes, you can.

I can't have signature lines automatically removed when replying and quoting?

It does this too.

I can't change the name of my outgoing account when composing?

If you get the Buttons! extension you certainly can.

Crazy. Gimme kmail on Win32 and I'll be much happier.

happy?

OpenBSD and the money

[menix]

http://marc.theaimsgroup.com/?t=114312315700005&r= 1&w=2

There has been such a great soap opera on this on the OpenBSD mailing list.

It's nice to see mozilla.org donate some cash but the real money should be coming from IBM, Redhat, Cisco and all the other vendors that bundle OpenSSH into their products. Somewhere in that post is a link to an email chain where IBM demanded Theo fix a bug that was in OpenSSH. (I believe the bug was fixed in a more recent version of OpenSSH then they were bundling.)

Sure, they could change the license for OpenSSH and start making money off it but that's missing the point of what the BSD license is all about.

It costs a lot of money to run that project and keep ahead of the jerks who are trying to break into your systems every day.

If you use products from vendors that have OpenSSH bundled in them and they aren't on http://www.openbsd.org/donations.html then send them an email and ask them to give regularly. that's the only thing we can do to help keep us safe on this hostile internet!

GO PUFFY

Hypocrisy considered harmful.

[44BSD]

I seem to recall RMS getting a 'genius grant' a while back. IIRC, those grants come with no strings, not traceability, and aren't conditional upon the recipient being tax-exempt. Basically, the idea seems (I know this sounds nutty) that people who are passionate about something and have made it their life's work will take such gifts in the spirit intended by the giver.

Now, I may be wrong, but I do not recall a flamefest back then about how that anticapitalist hippie Stallman would just spend the money on pizza and T-shirts. Why is it, then, that when the Mozilla group seeks to fund OpenSSH, the standard seems to be different?

Re:Even more conspicuous

[Kelson]

Darwin is based on FreeBSD, not OpenBSD -- though I must admit, I have no idea how much cross-pollination there is among the *BSDs -- but like most of the civilized world, they do use OpenSSH.

Re:Mozilla - "OpenSSH" - Beer! Laundry Time!

[thc69]

The rest of your post makes a lot of sense. If you're correct that donation checks are written to Theo personally, then that's rather icky and would discourage me if I was inclined to donate.

However, posting

Now, you don't have to ask around much to find out how that money is handled. Hell, some of it seems to literally go under his mattress.

without backing it up is kinda trollish. I'd be interested in seeing the information whose existence is implied by that statement.

BSD is NOT dead

[rdoger6424]

Suck it netcraft!

Re:a very bad move

[Brandybuck]

This is like donating to the EFF, then finding out that the money was redirected to PETA. That's just plain offensive.

EFF and PETA are political organizations with specific ideologies. Mozilla, OpenBSD and OpenSSH are apolitical volunteer SOFTWARE PROJECTS! Sheesh.

Create nonprofit openBSD for nothing ..

[Blu-Ray]

Software Freedom Conservancy offers nonprofit umbrella to free and open source projects

see this groklaw page for entire article http://www.groklaw.net/article.php?story=200604011 21120517

Here's yet another creative idea to protect FOSS developers. The Software Freedom Law Center has launched the Software Freedom Conservancy, which is designed to permit certain projects accepted as members, such as Wine, uClibc and BusyBox currently, to apply for and then benefit from nonprofit tax-exempt status. The Conservancy does all the onerous paperwork needed to set it up and run that way.

It does the paperwork and it provides the umbrella. It will file one tax return covering all members' projects, and it will handle the other corporate and tax issues that are associated with becoming a nonprofit and then operating as one, as well as holding project assets and managing them as the project directs. That leaves projects members free to code. It's a free service, if your project is accepted as a member.

Re:a very bad move

[dolphinling]

The Mozilla Foundation's mission is to "promote choice and innovation on the internet". When you donate to them, you're giving money to further that mission.

Choice is not limited to simply web browsers. Without Free OSes, you can't connect to the internet in a Free way. As an established, mature project that is having only monetary difficulties (not community difficulties), OpenBSD is an obvious choice to give money to.

As a group that develops OpenSSH and provides security audits, OpenBSD is also obviously helping innovation (not necessarily by making new features, but by making sure the ones there work well). Once again, it makes perfect sense for the Mozilla Foundation to, in the course of "promoting choice and innovation on the internet" to donate to them.