Kernel Trap Interview with Theo de Raadt

An anonymous reader writes "KernelTrap has an insightful interview with Theo de Raadt, creator of OpenBSD. The wide-ranging interview focuses first on the past few years of OpenBSD development, then moves on to the recently released OpenBSD 3.9. De Raadt talks about how binary blobs threaten free software, and how OpenBSD developers work to reverse engineer them. He also talks about the future of OpenBSD, his views on Linux, and why developing truly free software is so important to him."

Blobs eh

[GigsVT]

If you feed them jellybeans, they will do useful things for you.

Re:Blobs eh

[A+Boy+and+His+Blob]

Indeed, I can confirm this.

Dang it...

[DaHat]

I was hoping he'd say something about his thoughts on Linus' calling the Mach and FreeBSD people 'incompetent idiots'.

Sure he's an OpenBSD guy... but I'm sure he's got an opinion on it.

Theo

Weird... was Theo having a bad day? He's always seemed like such a nice guy, but in this interview he really comes off like a total a-hole... very un-Theo-ish.

Re:Theo

He always seemed like such a nice guy? What planet do you live on?

Re:Theo

[jonnythan]

The planet where people laugh at jokes.

Re:Theo

[grub]

He's always been cordial when I've had dealings with him. In fact recently on the misc@ list I mentioned problems with getting both cores on an AMD64X2 going with 3.9, pasted dmesgs, etc. and he wrote me off-list suggesting I compile up to -current. His suggestion worked and saved my sanity.

Re:Theo

Wow, he told you to use the latest version!

Re:Theo

[grub]

My point was that he didn't yell "Upgrade to -current, you mindless fucking retard!" or whatever people may assume he'd write. And his subsequent mail was just as cordial.

Re:Theo

[MerlynEmrys67]

Here is the problem with Theo. He is smart and opinionated. Having these two things in common make him a very difficult person to get along with if you are either Smart, but hold a different opinion because you come from a different set of assumptions - but especially if you are NOT smart and opinionated.

I have had discussions with Theo about trying to get my current employer (at the time) to open up documentation so OpenBSD could write drivers for our hardware. Lets just say I failed (Sorry Theo - I really tried, to the point that my annual raise was affected by it). However I found Theo to be very supportive and personally agreeable to me - I assume he realized I was trying to help and doing the best I could.

I can imagine people that are fighting against things he is trying to do could see him in a negative light - but again... I see the same kinds of things said about all of the great ones.

Re:Theo

[ArbitraryConstant]

I've witnessed him being an asshole.

Having to deal with him regularly might not be fun, but sometimes it takes assholes to get things done because they're prepared to piss people off to do what needs doing. If the goal were to make OpenBSD into another Ubuntu or Gentoo, his attitude probably wouldn't be that helpful, but for the goals they have it seems to work.

Re:Theo

Wow! Did he also offer to suck your withered cock?

Re:Theo

[jo42]

Thank Gawd he's not a limp-wristed, touchy-feely, mamby-pamby, pear-shaped, wet noodle.

Re:Theo

"See, there's three kinds of people: dicks, pussies, and assholes. Pussies think everyone can get along, and dicks just want to fuck all the time without thinking it through. But then you got your assholes, Chuck. And all the assholes want us to shit all over everything! So, pussies may get mad at dicks once in a while, because pussies get fucked by dicks. But dicks also fuck assholes, Chuck. And if they didn't fuck the assholes, you know what you'd get? You'd get your dick and your pussy all covered in shit!"

Re:Theo

[Pollardito]

I have had discussions with Theo about trying to get my current employer (at the time) to open up documentation so OpenBSD could write drivers for our hardware. Lets just say I failed (Sorry Theo - I really tried, to the point that my annual raise was affected by it). However I found Theo to be very supportive and personally agreeable to me - I assume he realized I was trying to help and doing the best I could.

a nice guy is someone who's nice even when you don't have something that they want, an asshole can certainly act nice if it profits him. it doesn't sound like your experience was one where an asshole and a nice guy would necessarily give a different impression, i'm sure that BSD would have benefitted from having your hardware opened

Re:Theo

[grub]

I've witnessed it, too. Usually warranted (imho) as the person won't read the FAQs or manpages. Or won't listen to reason. Or expects the lists to be a google-proxy.

Re:Theo

I've only interacted with him a couple times in online-forums. Indeed he has at times disagreed with my point of view, skipped over the traditional "You are wrong because..." portion of a discussion, and instead launched (almost incoherent) personal attacks. Taking into account his obvious intelligence, coupled with the number of times his behaviour has really stung him personally, and I really believe the guy just can't help it -- quite simply, he goes off half-cocked.

To all the people that call him as asshole and never miss an occasion to trash him publically, I can only say that his actions speak louder than words: The guy is astonishingly committed noble pursuits ... a characteristic a lot more rare than mere technical skill.

Re:Theo

[MoxFulder]

BSD confirms it. Theo is rude.

Re:Theo

[Lost+Found]

I personally think Linus's style is much more effective at getting things done. Select people you trust to watch the things you cannot, then periodically tell people what they're doing wrong while you sit at the helm of the project.

And he's of course not the slightest bit afraid to speak his mind.

Re:Theo

[Pseudonym]

Here is the problem with Theo. He is smart and opinionated. Having these two things in common make him a very difficult person to get along with if you are either Smart, but hold a different opinion because you come from a different set of assumptions - but especially if you are NOT smart and opinionated.

I know we all know this, but Linus has much the same problem, which is why he calls Neo-BSD developers rude names when they come to a different conclusion than him on some topic.

But, of course, that's all part of the charm. Hubris is one of the Larry Wall programmer virtues. There's nothing wrong with it so long as everyone understands that it's not personal. Neither Linus nor Theo would ever use a rude name against an individual developer or organisation unless they truly were not smart.

Re:Theo

[laffer1]

You got to be kidding me. Theo's got a serious attitude problem. He told me if he ever met me, he'd kick my ass because I didn't know who he was when I first got into FREEBSD! I had a confrontation with him on freebsd-questions early on. Granted I didn't know what the hell i was talking about at the time, but he went on another bsd's mailing list and insulted their users. Intelligence has nothing to do with knowing about a specific thing. I wasn't up on bsd history then. I've met many smart people doing IT work that couldn't read their email. I don't think they are automatically stupid as a result. (Doctors, lawyers, etc)

If you need further proof of Theo's attitude, look up the history behind him leaving NetBSD. You'll find that he co-founded NetBSD, had a fight with the rest of the core team and ended up fork()ing OpenBSD. I don't think he was completely in the wrong, but he didn't handle it very well either. I'm sure there was more too it than that. I don't blame theo for controlling OpenBSD the way he does. He got burned once and Linus has a firm grip on the Linux kernel as well. Even FreeBSD has a rough track record with developers, look at Matt Dillon's situation and his DragonFly fork.

I think most open source developers can be real dick heads. We are often opinionated and think we are always right. We also love attention.. hell its free software, what else will we get out of it. (except the people who write books to profit...) I'm including myself in this group. It takes arrogance to create/fork an operating system or develop a programming language. (Larry Wall, Theo, Linus, etc)

Re:Theo

Oh, yeah! Theo has NEVER said a bad word to anyone. He's sweetness defined.

It's very fortunate for him that he's so good at what he does professionally because he's otherwise a very insecure man who results to the same kind of abusive language as any other insecure person does.

Those defending his outbursts have pulled the wool over their own eyes. When you see a little kid screaming and yelling calling people names you know all is not well. But not to this group. Oh no! It's a necessity! It's OK for someone smart and whatever nonsense.

Guess why people stop supporting and even pull their support? Clue, it has nothing to do with the product...

You see them flame anyone not aware that they are doing this for themselves and nobody else matters. Unless they are short on money, then for some reason the tune changes.

The problem is they simply refuse tho see that good public relations is important when you do fund raising.

Yelling like a drunk sailor caught in a bar with landlobbers, simply is not the way to go!

Re:Theo

[ArbitraryConstant]

Linus's style is much more effective at getting Linux development done. OpenBSD is much more tightly integrated.

Who cares

[Viriatus]

about BSD??

FCC Rules

[jusdisgi]

I sure wish he had taken a better position on the wifi "FCC Rules require Binary Blobs" issue. He basically agreed that the FCC does require that the consumer not be able to change the frequency, but claimed that it should be dealt with in hardware, not the driver. This line is particularly poorly thought out: "Let the FCC go after the vendors who made the flawed devices."

See, here's the thing...the people he needs to convince here are the hardware manufacturers. You aren't going to get them to release open drivers by suggesting that the FCC should "go after" them. In fact, it serves to reinforce their binary-blobs-only position; after all, that's their current protection. But worse, by tacitly agreeing with their position about the FCC rules, he cedes the important part of the argument...the part where he could have won it. That's because while the FCC does indeed require that the consumer not be able to change the frequency to licensed spectrum, they have never taken the position that changing the source code is normal consumer operation. After all, consumers can change the frequency on many other chipsets (even in Windows) with binary patches. This is simpler than changing source code and recompiling it. I have never heard anything from the FCC that says you can't distribute source code with this functionality. Which is good, because the current mainline Linux kernel does distribute code that does this. If FCC rules actually forbade this (as the hardware companies are claiming) then it would be illegal to distribute the Linux (and presumably OpenBSD) kernel in the USA.

There was a wonderful discussion of this on the LKML recently in context of Intel's binary blob driver.

Re:FCC Rules

[gowen]

You aren't going to get them to release open drivers by suggesting that the FCC should "go after" them.

Theo de Raadt in "Express opinion first, consider consequences later (if at all)" shock.

Re:FCC Rules

[Homology]

See, here's the thing...the people he needs to convince here are the hardware manufacturers. You aren't going to get them to release open drivers by suggesting that the FCC should "go after" them.

You did not really read that article, did you? OpenBSD wants hardware documentation, and besides, why should I as an EU citizen care about FCC regulations?

Re:FCC Rules

[TigerNut]

As a current and past employee of several companies that make wireless transceivers subject to FCC licensing, I can tell you that there is no cost effective way to limit a device to FCC restrictions purely in hardware. Example: A cellular radio or any other modern RF link uses a synthesizer to set the transmit frequency. The output frequency of the synthesizer is a function of the reference frequency and the programmed divide ratio, and the total span of achievable output frequencies is dependent on the VCO that the synth is controlling. The maker of the synthesizer is not usually in a position to dictate the exact reference frequency, nor the VCO that it's hooked up to. The VCO vendor doesn't dictate the type of system that it will be installed into, and therefore can't strictly limit the frequency that it will tune to - and even if they did know exactly where it was going to go, then production tolerances dictate that you have some tuning margin in the design to allow all parts to hit the specified span. That means that individual parts will be tunable outside of the specified span on either the high or low side, and if the micro that controls the synthesizer commands a frequency outside the FCC limits, a lot of the time the hardware will have no problem doing it.

The same thing applies generally to power output levels. Sophisticated radios have some spare margin in the transmitter power output, and the actual output power level is calibrated at manufacturing time and then set in a FLASH based lookup table. The output power is then controlled using the embedded micro, driving a DAC. In this system, having open code on the embedded micro means that an uncaring individual could just crank the power output without regard for the FCC requirements.

You can say what you want about the motivations and ethics of the OpenBSD team members - if the source is out there, there will be others that take advantage of any "gains" they could make by tweaking some tuning parameters beyond the design or regulatory limits.

Ask Theo de Raadt how long it took him to get from his buffer-overrun Sun console hacking days to where he is now - almost everyone goes through a phase where "Just because I can" is sufficient justification to do poorly thought out things.

Re:FCC Rules

[HardCase]

...why should I as an EU citizen care about FCC regulations?

For the same reason that I, as a US citizen, should care about the EU's RoHS regulations.

Re:FCC Rules

[TigerNut]

For you, the EC certification organization rules things just like the FCC does in the US and Industry Canada does in the Great White North. There is no place on the planet (or, in fact, within about 40,000 km of its surface) that there isn't a wireless standards compliance organization that claims control of the airwaves. One of the reasons that radio works at all as a commercially available communications medium, is that everyone designing and deploying the transmitters is playing by a cooperative set of rules. It would not take too many folks deciding that their transmissions were more important to significantly degrade the utility of wireless systems.

Re:FCC Rules

[jusdisgi]

You did not really read that article, did you? OpenBSD wants hardware documentation...

I did indeed read the article...I just recognized the larger issue that was not explicitly stated therein. Yes, what he really wants is documentation, although I'm sure he would be just as happy if they simply released the source to their binary blob. In any case, the reason he wants documentation is so that FOSS developers can write a completely open source driver for their hardware. The reason the hardware manufacturers refuse is ostensibly that it would violate FCC rules. The argument for that is that the FCC prohibits devices that the consumer can change to a licensed frequency. TFA actually discusses this.

...and besides, why should I as an EU citizen care about FCC regulations?

Surely you are just making a joke, and are not so utterly naive. You'll note that Theo is Canadian, but he obviously seems to care. When you find a wifi chipset that isn't sold in the USA at all, let me know. Until then, the restrictions placed on hardware and software manufacturers by the US government will continue to have a strong impact on FOSS users, regardless of where they live. This is an excellent example; you aren't under FCC jurisdiction, but you're still stuck with binary blob drivers from companies that claim it's their only method of FCC compliance.

Re:FCC Rules

[Homology]

For the same reason that I, as a US citizen, should care about the EU's RoHS regulations.

FCC rules does not apply to me, so why should I care about those restrictions? This is similar to use of strong encryption and US regulations.

Re:FCC Rules

[jusdisgi]

As a current and past employee of several companies that make wireless transceivers subject to FCC licensing, I can tell you that there is no cost effective way to limit a device to FCC restrictions purely in hardware.

I understood that sentence, but very little of the technical discussion that followed. However, it seems like you're making this too hard; if one wanted to limit the output of an RF transmitter in hardware, wouldn't it be trivial to simply put a couple of RF filters (one high-pass, one low-pass) in front of the antenna connector?

Re:FCC Rules

[jusdisgi]

Now damn it, this is completely wrong. Read my other reply to your previous, identical statement, which I posted before you posted this. Our laws impact you because the hardware manufacturers want to sell their stuff here. So you are stuck with FCC compliant products, regardless of whether you are under FCC jurisdiction.

Re:FCC Rules

[Homology]

An open source driver is not the same as documentation. In the article he mentions open source drivers written under NDA that are essensially unmaintainable, whence of dubious quality. In another article Theo de Raadt describes open source drivers written under NDA as the open source equivalent of binary blobs.

As for FCC regulations and me as an EU citizen: I don't have to comply with FCC regulations while not in USA. The same goes for strong encryption. In this sense I don't care about FCC regulations. That US based companies think that I should care about FCC just means I go elsewhere with my money.

Re:FCC Rules

[drinkypoo]

That would limit the possible frequencies but do nothing for the power levels. The FCC not only limits which frequencies you're supposed to be able to use in the US, but also total output power levels which depend on the antenna fitted. For instance if you use a primestar dish with a coffee can, and have super high gain, you are required to turn down your transmission power to be within FCC regs. Also, it would require additional hardware, which would cost money.

Re:FCC Rules

[TigerNut]

Filters limit the frequencies that a system can broadcast or receive, but they also have an insertion loss penalty. This reduces the efficiency of the system significantly - if a given filter has 1 dB insertion loss (which would be pretty good, implying that the filter probably costs a decent amount of money) then it would impart a 20 percent reduction in power output. Therefore it would cost you 20 percent more current, at least, to get the same RF range. That would (a) decrease the battery life and (b) increase the heat load in your system.

Wireless system designers use filters already to limit out-of-band emissions, but the problem is that no practical filter has a 'brick-wall' response where the passband ends exactly at the edge of the allowed spectrum. In a typical 2.4 GHz wireless network system you could probably go outside the band by 10 MHz before the filter rolloff became significant. With that freedom, an enterprising wireless LAN operator could set up his own little playing area away from everyone else's interference - but he'd be tromping on some unsuspecting folks.

Re:FCC Rules

[qwijibo]

An individual who changed the code would potentially be in violation of FCC regulations. However, that's not the same as saying that the possibility facilitates an actual problem. The code is not likely to be modified by most users. Hams are allowed to modify and utilize radio hardware in the appropriate bands. I don't know how many people would really do so, but cutting off the possibility of compliant experimentation because of the possibility of noncompliant abuse seems like a uneven tradeoff.

Re:FCC Rules

[Homology]

Now damn it, this is completely wrong. Read my other reply to your previous, identical statement, which I posted before you posted this. Our laws impact you because the hardware manufacturers want to sell their stuff here. So you are stuck with FCC compliant products, regardless of whether you are under FCC jurisdiction.

You are very confused. I'm not obliged to follow FCC regulations while not in USA, or any other US law for that matter. A wireless product sold in USA has to be FCC compliant, and that is clear, but that does not imply that FCC regulations are world wide in their scope. Actually, in some countries it's downright illegal to use FCC regulations (think about different channels availalable for home use).

Re:FCC Rules

[jusdisgi]

In the article he mentions open source drivers written under NDA that are essensially unmaintainable, whence of dubious quality.

No he doesn't. He says "Some Linux (and recently FreeBSD too) developers are willing to sign NDAs so that a few people get the documentation, and I believe that this is the largest problem facing the kernel side of the open source community today." Now, you'd have to ask him to clarify to be certain, but I would say the chances are extremely slim that he's talking about people writing open source drivers under NDA. Mostly I say the chances are slim because that's a totally ridiculous idea that no hardware company would consider; if you're going to let somebody write an open driver, what's the point of an NDA? On the other hand, I am familiar with at least one case (madwifi) where a developer (Sam Leffler) signed an NDA in order to produce a binary blob and an open-source interface component for a chipset (atheros) which had no driver available. I think it is extremely likely that these situations are the ones to which Theo referred.

As for FCC regulations and me as an EU citizen: I don't have to comply with FCC regulations while not in USA. The same goes for strong encryption. In this sense I don't care about FCC regulations. That US based companies think that I should care about FCC just means I go elsewhere with my money.

Your ignorance and lack of thought are astonishing. "US based companies" have nothing to do with it...where else are you going to go with your money? Every wifi chipset manufacturer sells its products in the US, and thus abides by FCC rules. The manufacturers in question here are mostly Taiwanese. The issue here is that, regardless of where a company is based or chooses to make its products, it invariably wants to sell those products in the US. Thus the manufacturer must comply with US regulations. So it doesn't matter whether you have to abide by US regulations...the people who make the products you use do. And once again, this is a great example. You can't have a certain driver, because it doesn't exist, because (ostensibly) of US regulations. Therefore US regulations impact you. Period.

Re:FCC Rules

[jusdisgi]

See, you're missing the point here. It's not whether a consumer might be able to violate FCC regulations. It's the fact that manufacture of a device that allows the consumer to transmit in a licensed band is itself a violation.

In other words, the manufacturers are prohibited by FCC rules from making a device that a consumer can run in a licensed band or at a higher-than-allowed output power. However, the part the manufacturers are ignoring is that the FCC seems to mean this in the context of the normal consumer-level interfaces, which doesn't include the source code. Changing the source code would be abnormal activity not sanctioned by the manufacturer and outside of normal use.

Re:FCC Rules

[jusdisgi]

A wireless product sold in USA has to be FCC compliant, and that is clear, but that does not imply that FCC regulations are world wide in their scope.

That is correct. And I never once said or implied that FCC regulations were global in scope. I did, however, say that US regulations impact all FOSS users regardless of where they live. And I've given far more than adequate evidence to support that position. Again, note that Theo does not reside in the US, yet he obviously considers these particular FCC regulations important to him and to the rest of the (mostly non-US) OpenBSD team.

Re:FCC Rules

[RollingThunder]

Not quite "Period".

The manufacturers could make multiple versions - one FCC compliant for sale in the US, and one for everywhere else.

They don't because that costs more and eats into profit margins.

Things like this are one of the reasons why "power bricks" are so popular. The highest regulation tends to be where the highest voltage is. By having the country-regulation specific wiring in a seperate power brick, the companies can mass-produce the main unit (Xbox, etc) and just have regionalized power bricks.

Re:FCC Rules

[Homology]

No he doesn't. He says "Some Linux (and recently FreeBSD too) developers are willing to sign NDAs so that a few people get the documentation, and I believe that this is the largest problem facing the kernel side of the open source community today."

Yeah, yeah, here's the quote

TdR: There are always at least a few efforts in the project to get more documentation out of vendors. But some vendors are still incredibly resistant. We often run into vendors who have signed NDA agreements with Linux developers, who will then happily write a Linux driver filled with magic numbers, which only one developer in the world understands. Having signed the NDA ensured that Linux got a working driver, sure, but the internals are indistinguishable from magic. It cannot be fixed by anyone else, because it is full of secrets. It is a source code version of a blob.

Your ignorance and lack of thought are astonishing. "US based companies" have nothing to do with it...where else are you going to go with your money? Every wifi chipset manufacturer sells its products in the US, and thus abides by FCC rules.

Of course everyone selling products in USA has to comply with US regulations and laws.

The manufacturers in question here are mostly Taiwanese. The issue here is that, regardless of where a company is based or chooses to make its products, it invariably wants to sell those products in the US. Thus the manufacturer must comply with US regulations.

Are you stupid? The manufacturer has to comply with US regulations when doing business in USA. When doing business in another country, then another set of regulations apply.

Re:FCC Rules

[jusdisgi]

The manufacturers could make multiple versions - one FCC compliant for sale in the US, and one for everywhere else.

Well, yes, obviously; I just sort of took the cost factor as a given. Note my line "when you find a wifi chipset that isn't sold in the US let me know" It's also worth noting that the 802.11b spectrum is different in Europe than in the US, and that many drivers have multiple versions so as to open up the extra two channels for non-US users. This is another piece of evidence that the source-code isn't a violation...after all, any US citizen could go get the foreign version of the driver and use channel 13. But this is all beside the point; the discussion has gone off into one of "I'm not from the US so why should I care what your government does" which in my opinion is dumb as hell. If you can't figure out why non-US citizens should care about the policies of the largest importer of goods, the largest economy, the largest provider of foreign aid, the largest IMF contributor, a permenant member of the UN security council, and the largest military power....well, then you don't have a very good handle on world issues.

Re:FCC Rules

[LWATCDR]

Maybe but then that hardware could only work in one market so it would cost more.
Also if you put in a hardware filter it would "absorb" some of the power that they device uses to transmit. So you would get a weaker signal or have less battery life. Also it wouldn't limit the power of the transmitter.
In short if you put the limits in hardware the produce would cost more, have a smaller market, and use more power. It just wouldn't be as good as a card that does everything is software.
It would fail on the market because as a product it would suck. It could have open source drivers with the current FCC rules but it would still not be a good wi-fi card.

I think a better solution is a stable binary driver interface for Linux and BSD. Just like the video card situation the current system of trying to "force" hardware manufactures to open source their drivers has not worked.

Re:FCC Rules

[Homology]

But this is all beside the point; the discussion has gone off into one of "I'm not from the US so why should I care what your government does" which in my opinion is dumb as hell.

Now you are misrepresenting my posts. Let me rephrase: I do not have to follow US regulations as an EU citizen living in EU. In this sense I don't care about US regulations.

If you can't figure out why non-US citizens should care about the policies of the largest importer of goods, Of course we do! We are financing your consumerism and Iraq war.

the largest economy, You sure got the largest debt.

the largest provider of foreign aid, You mean weapons?

the largest IMF contributor To protect the interests of companies like Enron.

a permenant member of the UN security council, Yo got that one right. If you only paid your fees to UN.

and the largest military power Yes, it's obscene in it's size.

Re:FCC Rules

[Bill_the_Engineer]

I can tell you that there is no cost effective way to limit a device to FCC restrictions purely in hardware.

Wow, you went through a lot of trouble to justify your case but you seemed to forgot something. The current operating parameters of WiFi are dictated by software. Therefore the hardware has a broad enough design to operate within the parameters dictated by the software.

BTW, yes there is a cost effective way to limit a device to FCC restrictions purely in hardware. I have radio equipment that was designed for different markets and their operation are restricted based on the regulations of their target country of operation. This is accomplished by firmware programmed within the equipment that have several modes of operations stored within it. The manufacture simply uses SMT diodes or zero-ohm resistors (jumpers) to tell the device what region the device should operate within. The placement of these SMT components can be programmed for each target market and be taken care of during board assembly. This method did have one disadvantage. During the early 90's, the FCC was frustrated by how easy it was for the end user to operate the radio device outside legal limits (power and/or frequency) by simply removing a diode. Newgroups were full of HOWTO instructions on how to MOD the radio equipment.

Another method (and more "secure" method) would require placing the current binary blobs into FLASH memory within the device themselves and publish the API so that driver developers can make use of them. Basically this simply moves the binary from a loadable file image to something already on the device. This would go against the current trend, since most (all!) of todays design decisions are based on increasing the profit margin by reducing part count by taking advantage of the host device.

Brgds, Bill

Re:FCC Rules

[JesseMcDonald]

The software that you are talking about is the firmware -- it runs on a microcontroller on the device, not the host PC. According to the interview, the OpenBSD developers have no problems with firmware provided that the copyright license allows them to redistribute it with OpenBSD (i.e. they don't need the firmware's source code). IANAEE, but that ought to be sufficient to satisfy the FCC's requirements.

If there is some problem with having the firmware loaded by an open-source driver, then the hardware manufacturer should have put the firmware directly on the device (in a ROM, for example) rather than delegating the loading to the driver. Even with a closed-source driver the firmware image can be altered by a binary patch off the Internet, so I don't really see how making the host driver closed-source enforces the FCC's regulations.

Re:FCC Rules

[TigerNut]

I don't think I forgot that part. In fact I stated that not only does the hardware have a broad enough design to operate within the parameters dictated by the software, manufacturing and component spec tolerances require that the hardware design be broad enough to allow it to meet the system design spec when significant component variations are taken into account.

In multi-band radios, the equipment can typically be operated slightly beyond the intended band edge due to the filters not having an infinitely steep roll-off. It doesn't matter whether or not the manufacturer allowed for other operating bands with hardware configuration diodes or resistors. Also... these configuration resistors are generally (but not always) interpreted by software, since operating in multiple bands usually also requires slight protocol variations. Therefore, if the software is open, you can just eliminate the part where the configuration is read.

I interpreted Theo's comments to imply that they want the radio firmware to be open down to the hardware level. Pushing binary blobs into flash and publishing an API into a buggy hardware driver does not do what he wants...

Re:FCC Rules

[agony_zhou]

High quality analog filter (usually SAW filters) is bulky, expensive, and have other complication well. In the RF industry, people are going through all the trouble to eliminate every one of them.

Re:FCC Rules

[HardCase]

FCC rules does not apply to me, so why should I care about those restrictions? This is similar to use of strong encryption and US regulations.

EU rules don't apply to me, but I care about RoHS restrictions because manufacturers tend to design to the most restrictive set of regulations that will apply to a product. Same deal with FCC regulations, in a broad sense.

-h-

Re:FCC Rules

[NutscrapeSucks]

Now, you'd have to ask him to clarify to be certain, but I would say the chances are extremely slim that he's talking about people writing open source drivers under NDA. Mostly I say the chances are slim because that's a totally ridiculous idea that no hardware company would consider; if you're going to let somebody write an open driver, what's the point of an NDA?

I think you're reading too much into the term "NDA". For example -- "Here's some hardware documentation, don't post it on the web" is an NDA.

Theo is correct, and there's a very large number of open source driver being written this way.

Re:FCC Rules

At least we didn't have to wait too long for the first anti-US non-sequitor to pop up. And you also very nicely rephrased your original position, too.

For what it's worth, you don't have to be directly concerned with US regulations. But the rest of your reply shows an awful lot of ignorance. While I'm sure that you were trying to be snide and clever, you're just coming across as a crank. Too bad, really, because you were raising some interesting points up until then.

Re:FCC Rules

[Plunky]

For instance if you use a primestar dish with a coffee can, and have super high gain, you are required to turn down your transmission power to be within FCC regs

Can you do that, with drivers and hardware that dont allow you to tune the power levels?

Re:FCC Rules

[flosofl]

I do not have to follow US regulations as an EU citizen living in EU. In this sense I don't care about US regulations.

No one is saying that... You really are thick-headed, aren't you?

If you had a scintilla of intelligence in your hollow cranium, you would have seen his point immediately.

In a world market, a company will manufacture to the most restrictive specifications. In the case of wireless chipsets it is the FCC regulations. They are *not* going to make different versions for the EU/CAN/US, etc... It is too cost prohibitive. Therefore, the *world* gets the same version as the US. Unless you can figure out the microcode, your Intel wifi card has the same FCC imposed restrictions as the US version.

Is that clear, or do you need it spelled out in crayon and using smaller words?

Incidentally, thanks for the unwelcome political diatribe in the last post. You really added something to the entire thread. I mean how could we have *ever* missed the importance of bringing up the Iraq war and US Imperialism* in a thread about BSD.

Ass.

* - or Consumerism, etc... insert the -ism of your choice. Don't forget to capitalize it to show it's Serious(tm)

Re:FCC Rules

[Kadin2048]

I'm not sure if you're being intentionally thick or what. FCC regulations cover more than just how a device can be used, they affect every stage of its design, and the market that's controlled by the FCC is a pretty big one. You over in Europe may think that what the FCC does isn't relevant to you, but I can guarantee you if you turn over a few peripherals you have on your desktop, that you'll see "Tested to Comply with FCC Standards: For Home or Office Use."

Because hardware and device manufacturers don't want to have to make multiple versions of their product if they can avoid it, chances are they're going to make it compliant to the largest number of regulatory bodies that they possibly can. Hence why my mouse is manufactured in China but approved according to regulations in the U.S., Canada, Germany, the E.U. (separate from Germany), and a bunch of Asian ones I can't read. And that's without even counting the non-governmental certifications (UL, CE, etc.).

An FCC regulation that changes something fundamental about how electronic devices have to be made is almost sure to affect people everywhere in the world, just like the E.U. RoHS rules are going to change the stuff I buy here in the U.S., even if we as a country didn't give a damn about how much hazardous substances were in our electronics. (We do, we're just taking our time about it.)

So while the FCC doesn't have any direct authority outside of the U.S., it affects how lots of things which end up on the world market are made, and you'd have to be pretty naive to just ignore that.

Re:FCC Rules

[HardCase]

If you can't figure out why non-US citizens should care about the policies of the largest importer of goods, Of course we do! We are financing your consumerism and Iraq war.

I think that you have it backwards - the US imports goods and "exports" money. If "you" were financing US consumerism and the Iraq war, the flow of money would be going the other way. In fact, you could make a better case that the US was financing your opposition of the war (assuming that you're posting from a country that does not support the war and one from which the US imports more than it exports).

the largest economy, You sure got the largest debt.

Read Milton Friedman and other economists of his ilk. You'll find it enlightening.

the largest provider of foreign aid, You mean weapons?

No, actually Russia exports more weapons than any other country - at least according to the Stockholm International Peace Research Institute. The US is the largest provider of non-military foreign aid in the world.

the largest IMF contributor To protect the interests of companies like Enron.

You mean companies like Enron, whose executives are being aggressively prosecuted by the US government? There is quite a list of companies whose executives are looking down the business end of a long prison sentence these days.

a permenant member of the UN security council, Yo got that one right. If you only paid your fees to UN.

The US does, for the most part, with the exception of its peacekeeping assessment which is still being negotiated. If you're talking about the withheld dues from the 1990's, put your mind at ease. The $620 million was paid several years ago.

and the largest military power Yes, it's obscene in it's size.

You're entitled to your opinion, of course. Clearly the US spends more in actual dollars than any other country. Of course, even without Iraq, the US has more responsibilities to other countries than any other country. And yet, as a percentage of GDP, the US is right in the middle of the pack, spending a little over 3% of its GDP on defense.

You don't like the US, I think, and that's OK. But if you're not going to like the US, don't like the US for the right reasons. Don't just make things up. Let me give you some reasons:

As the world's largest economy, the US should increase its amount of non-military foreign aid. It's not enough to be number one, the number should be a larger amount of GDP.

The US should work to reduce or eliminate the debt owed by developing countries, particularly that which was incurred by previous regimes.

The US should do more to encourage repressive governments to stop human rights abuses. Giving MFN status to China is a real head-scratcher.

Financial power is not a baseball bat.

There you go, some reasons to not like the US.

I, however, like the US a lot. I am, of course, very biased. You, I'm sure are not - right?

-h-

Re:FCC Rules

[Homology]

So while the FCC doesn't have any direct authority outside of the U.S., it affects how lots of things which end up on the world market are made, and you'd have to be pretty naive to just ignore that.

Of course FCC regulations have influence outside USA, as many other laws and regulations. This does not imply that the rest of the world should meekly accept these regulations as an excuse for hardware companies not to release hardware documentation. That I don't care for some US regulations/laws does not mean that I'm indifferent, as some posters think I am.

Re:FCC Rules

[Homology]

You don't like the US, I think, and that's OK.

I think that USA is great country, and there is much to admire. However, that cannot be said of the current Administration which is downright scary.

There is a hug influx of money into US by foreign central banks having valuta reservers in US dollars, enormous foreign investments (funds, Arab petro dollars etc) and huge trade deficit. Conbine this with enourmous Federal spending (Iraq, as an example), budget deficit, huge tax cuts and US families that are indebted. This is not sustainable. Was it last year that the South-Korean Central Bank hinted that they might have less reserves in US$ and the Dow Jones took a dive? Making war cost money, alot of money.

As for the size of US "defence": It uses more than even at the coldest of the cold war. And to what ends?

Re:FCC Rules

[drinkypoo]

You are sometimes allowed to tune the power levels in the downward direction, just not in the upward. Some cards' drivers provide for this, and some don't.

Re:FCC Rules

[mph]

As for the size of US "defence": It uses more than even at the coldest of the cold war. And to what ends?

Do you have a citation for this claim? It looks to me like current US defense spending, in relation to GDP, is lower than during the cold war.

http://www.truthandpolitics.org/military-relative- size.php

Re:FCC Rules

[Bill_the_Engineer]

In multi-band radios, the equipment can typically be operated slightly beyond the intended band edge due to the filters not having an infinitely steep roll-off. ... It doesn't matter whether or not the manufacturer allowed for other operating bands with hardware configuration diodes or resistors. Also... these configuration resistors are generally (but not always) interpreted by software, since operating in multiple bands usually also requires slight protocol variations. Therefore, if the software is open, you can just eliminate the part where the configuration is read.

You missed the point. Any hardware can be made to operate in multiple regions and have its operation parameters cost effectively decided during assembly. I am not talking about making a radio operate outside its intent or taking advantage of a filter defenciency. I take a black box view of peripherals by seperating the firmware executed by a device (either by a microcontroller, DSP, FPGA, etc.) from software being executed within the host computer.

Multi-Band radios aside, it doesn't really matter as long as the hardware can operate within design parameters for each operating mode desired.

I interpreted Theo's comments to imply that they want the radio firmware to be open down to the hardware level. Pushing binary blobs into flash and publishing an API into a buggy hardware driver does not do what he wants.

From what I read from the article, Theo would like documentation for the hardware. Therefore, pushing the binary blobs into flash and publishing an API sounds like what he wants.

Sure the firmware may be buggy, but it will be buggy for ALL operating systems. This would give the manufacturer incentive to correct the firmware, as well as make testing easier since they no longer have to worry about driver implementation.

Re:FCC Rules

[Rutulian]

As a current and past employee of several companies that make wireless transceivers subject to FCC licensing, I can tell you that there is no cost effective way to limit a device to FCC restrictions purely in hardware.

Um, sure. But I don't think Theo cares about it being "pure hardware" or a hardware/firmware mixture. As long as it isn't in the software driver, wifi hardware companies can't claim that releasing source is against FCC rules. And, as the parent was saying, it probably isn't anyway.

Re:FCC Rules

[renoX]

Bah restricting in software is just plain stupid: if you put restriction in the driver, how can you prevent the user using a driver for a different country where say the output power or the channel he wants is allowed?

Re:FCC Rules

[barawn]

I interpreted Theo's comments to imply that they want the radio firmware to be open down to the hardware level. Pushing binary blobs into flash and publishing an API into a buggy hardware driver does not do what he wants...

No: he doesn't care if you do that. That's not a 'blob' - that's a loadable firmware. That's fine. Just give them a copyright that allows them to redistribute it, and he's happy.

What he cares about are binary-only driver blobs - as in, some object file that gets linked with a wrapper file that converts OpenBSD API references to some API that they use, and then executes it.

If the device fails, that's one thing - it's recoverable, and it's debuggable. But if the processor suddenly jumps off into never-never land, that'll be hell to handle.

To quote:

The first kind to mention is firmwares. Firmwares (like for instance on a Intel wireless card, or a such) are binary pieces of code that will run on the little processor that is on the wireless card. As an operating system, we need to load the code out to the card. To include a firmware in OpenBSD, we simply need a nice copyright statement from the vendor that lets us distribute the firmware. Some vendors won't even go that far, though.

Then he goes on to discuss blobs. So he's not upset about firmware. He's upset about blobs.

Re:FCC Rules

[ChrisA90278]

Here is how to "put it in hardware". True you really can't but this comes close. You write code to enforce the limits and you burn this into ROM the on-board procesor is designd to execute the ROM code periodically.

This is typical with spacecraft. There is an interval timmer that forces and interrupt that drive the processor to execute coe from ROM periodically. The "safe mode" or "fail safe" or "watchdog" stuf runs there even if a totally bogus set junk gets uploaded in the the RAM. Alows remote recovery from a software error. Same technique could allow for recovery from t driver run amock.

Re:FCC Rules

[nacturation]

Of course FCC regulations have influence outside USA, as many other laws and regulations. This does not imply that the rest of the world should meekly accept these regulations as an excuse for hardware companies not to release hardware documentation.

I think you answered your own question that you wrote in a previous post:

"FCC rules does not apply to me, so why should I care about those restrictions?"

You should care because they have influence outside the USA and you shouldn't meekly accept those restrictions which often end up in your products even though you're not in the USA.

Re:FCC Rules

[NateTech]

Oh come ON. You can easily put middleware firmware between the raw VCO frequency input and power level settings, so that the end-user will be effectively limited to only what frequencies and power levels you wish the end-user to access.

Then you can DOCUMENT THAT INTERFACE.

There's nothing particularly difficult or expensive about doing that. It's just a shim between the driver and the hardware. And done right (e.g. ENGINEERED PROPERLY), you can also save your company from ever having to release anything other than ONE STANDARD DRIVER for all of your hardware -- the hardware can change, the firmware/middleware can be modified to drive the new hardware, and the software/OS level driver never has to change for that type of "service", ever, even if the hardware changes underneath.

Doing that actually makes good business sense for many similar products, too.

Go back to the drawing board and write a GOOD SPECIFICATION for a middleware/firmware abstraction layer. You can even write features into that specification that don't exist today but likely will in future products, and not publish them at first. Or make the specification extensible.

Re:FCC Rules

[Mike+McTernan]

> In other words, the manufacturers are prohibited by FCC rules from
> making a device that a consumer can run in a licensed band or at a
> higher-than-allowed output power.

Interestingly the output powers for most electronic devices are likely to be controlled using calibration data tables stored in FLASH to allow for production tolerances - certainly this is the case of cell phones. What normally happens is that each device is programmed with default calibration that allows most devices to transmit at the correct power. Somewhere on the production line the output powers will be tested, and if a device fails by transmitting either at a lower or higher than expected power, the calibration table updated to compensate.

Since these cal tables are stored in FLASH, anyone with the right tools could update the calibration and squeeze an extra dB out of the device. It's not trivial to protect against such changes in a device either.

Re:FCC Rules

[TigerNut]

No shit, Dick Tracy. What was said was "The hardware should enforce the FCC (or other regulatory) limits". Without other qualifications, "the hardware" does not encompass embedded software drivers or API abstraction layers, especially because part of Theo's rant was directed at the hardware vendors that insist that the PC load the embedded code (in the form of binary blobs) into the peripheral at boot time, or else that the PC link to precompiled API objects.

Extensible specification? That's a good theoretical construct. Kind of like "software reuse". I'm not saying that nobody does this effectively, just that I haven't seen it happen in any place where there were tight deadlines and executable code size limitations.

Re:FCC Rules

[RichiH]

if you turn over a few peripherals you have on your desktop, that you'll see "Tested to Comply with FCC Standards: For Home or Office Use."

well, you might have noticed those 'CE' or 'TUV' marks. PCT and VCI are other examples. That's called internationalization ;)

Re:FCC Rules

[jusdisgi]

Now you are misrepresenting my posts. Let me rephrase: I do not have to follow US regulations as an EU citizen living in EU. In this sense I don't care about US regulations.

Being personally subject to a regulation is not the only reason to care about it. So these two statements you are trying to call equivalent aren't.

Re:FCC Rules

[NateTech]

My point is that binary blobs and other such trickery is unnecessary if the ENGINEERING is done right and the interface is DOCUMENTED.

I know, this went out of vogue in 1989 or so. But it DID work better for everyone when manuals actually had useful information about the product interfaces in them. Hell getting anything more than ten sheets of paper with government or lawyer-required "safety data" with a piece of computer hardware anymore, let alone a MANUAL, is virtually impossible.

I was also pointing out that the argument that "we have to keep people from doing illegal things with their radio modules to get FCC certification" doesn't hold water.

Open interface design and locked-down features easily can be done, together.

All of these tricky little things like loading binary crap into the kernel and other driver trickery done by hardware manufacturers is just a sign of sloppy engineering. This sloppiness is both from idiots in "leadership" pushing deadlines so far back that nothing can be built that WORKS, and engineers who don't care, for various reasons.

The reasons that engineers don't really care about good interfaces and documentation is two-fold:
1. If you develop CRAP, that just barely works and frustrates the hell out of the customer -- you have a permanent job "fixing" it.
2. Why care about making a great product for a company that doesn't care about you at all and will lay you off or dump you to save one quarter's financials and the bonuses of the executives that quarter?

Companies reap what they sow, in the case of #2. It's only natural to act that way if the company doesn't make any effort at longevity or show any effort at being somewhere thinking large enough to look beyond the next three months.

Deadlines are out of control, and good engineering isn't done anymore. Your upset response complete with cussing and stupid personal remarks that were unwarranted, shows that everyone's just used to it at this point.

Some other country and community of engineers will do good engineering once we stop fighting to do things better than everyone else... no worries. That's competition.

Re:FCC Rules

[TigerNut]

Your upset response complete with cussing and stupid personal remarks that were unwarranted, shows that everyone's just used to it at this point.

What? "No shit, Dick Tracy" is a euphemism for "you're making motherhood-and-apple-pie statements". No offense intended - I just don't think that what you said has merit.

If I was going to get upset, I'd take umbrage at your slagging of engineers in your response. I've worked among several hundred engineers, in companies ranging from seven to seventy thousand employees, and I can count the number of engineers that did not take a personal stake in everything that touched their hands, on one hand. Even when the company where they were working was going through a management crisis and they downsized from 1800 to 200 employees. If they produced substandard products then it was almost always because of poor direction: building a design that didn't meet market requirements or being forced to include features that diluted the central effort.

and good engineering isn't done anymore. If that's true then it's not because the engineers don't care - at least not that I've seen. I have seen a lot of good engineering get distilled out by poor upper-level decisions, though, so I certainly agree with your sentiments about "idiots in leadership".

Re:FCC Rules

[NateTech]

Just because my comment was obvious and logical, didn't make it any less relevant.

I can also count the number of engineers who didn't care about their product on one hand. I don't disagree with you on that point. But, I can also count the number of engineers who'd get out of bed at 2AM to look at a real customer problem on one hand.

There are degrees of "care" can the vast majority of engineers don't care THAT much. Hard to blame them with the current employment situation where the managers will fire good engineers because of poor management decisions at the drop of a hat.

So, I assert that if these good engineers that care, but not that much, are the "best" we can do in America -- then this must mean there's something wrong with BOTH the management AND the engineers. The status quo isn't good, and no one's changing it.

Support people get paged/called, get up, rub the sleep out of their eyes, work all night documenting the problems, prove that it's really broken (which they knew already), and send it off in a ticket system hoping an engineer will fix the piss poor job they did, sometime in the next three releases. Management measures the engineers not on whether or not the customer finds the product acceptable, but by how many tickets they close (that means they had a LOT of bugs) and how much new code they release (buggy, or not).

Usually by the time the release cycle finishes and the bugs are fixed, the "new" version will come out with all new bugs to start the cycle over again.

Meanwhile the customer NEVER gets a product that really works -- 100% correctly -- and has to constantly decide if they can live with the problems. Especially in software products.

For their part, the original bad work by the engineer is rewarded, as well as all future versions, because they're incentivized by management and given bonuses for shipping "new product on time" and "fixing X number of bugs".

My idea: Tie bugs to wallets. No bonus for software that has major bugs. Lower bonus for software with minor bugs.

Until that happens, engineers have only personal conviction incentives for REALLY getting it right the first time. Tie it to whether or not their family gets fed, and you'd have better results.

Additionally, a social problem for good engineering exists. If they DO get it right the first time, both the engineer and the support staff are out of jobs, so there's a natural tendency to ship now, deal with bugs later. Once the "99.9% working" type of system is built, the company usually folds within a few years, after the sales ramp completes its natural cycle.

It's the very definition of insanity, and a never-ending cycle. And people are very used to it. How many times have you seen any computer-related product review say, "It has the usual problems but all-in-all, we give it an 8 out of 10?"

Finally, if you ship a product without any major problems, you have an opportunity to move on to newer and better things, but you run the very real risk that the customers simply won't pay for an upgrade to the old system.

To counteract this, most organizations buffer the engineers from the problems permanently unless they're "critical", so they can just go ahead and create new things without fixing the one released yesterday. "That's not critical, engineering won't look at it, they're busy working on the new system."

The typical American investor even supports this behavior -- by only looking at public companies on a quarter by quarter basis. This is why startups and massively large companies seem to be the only real innovators -- that and companies run by tyrants. Mid-sized "normal" companies are mired in their own financial incentive problems and fiscal paranoia about "growth", constantly.

Einstein states the overall issue better than I can:

"Any intelligent fool can make things bigger and more complex... It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."

American engineerin

Re:FCC Rules

[TigerNut]

I think we're pretty much on the same page. Over the last fifteen or sixteen years I've been lucky enough to be involved in design teams where pretty much everyone regards their work as far more than just a job. There was ONE guy (at the management level) who, over a period of four or five years, would consistently get his project to about the 80 to 90 percent complete level (going about 50 percent over budget on time in the process), and then decide to fundamentally change the architecture (because the requirements had changed in the mean time) so that the project completion date was pushed another year into the future.

Financing?

[AltGrendel]

...I swear I will never get over how incredibly much money a University acting as a middle man between DARPA and us can bleed the flow of financing.

Any idea who he's refering to?

Re:Financing?

[kevin_conaway]

About 15% of the funding, awarded in mid-2000, had remained unspent, de Raadt said. According to de Raadt, two days before the funding was cut off, Jonathan Smith, the computer science professor in charge of the project at the University of Pennsylvania, phoned de Raadt. Smith told de Raadt that several people at the university and DARPA were uncomfortable with de Raadt's antiwar comments, which appeared in The Globe and Mail of Toronto in early April.

Source

Re:Financing?

All of them. In grant financing, the institution will often take a percentage of the gross, as large as 48%, or more in some cases. It's justified under a multitude reasons, e.g., management, common facilities, name, reputation, goodwill, etc.

Sometimes these funds get funneled back through deans to dept. chairs and, yes, the even PI as a salary bonus, thereby allowing them to write a larger salary number in the next grant.

I'm not saying it's right but that is the way it is.

Re:Financing?

[jonastullus]

well, i guess throwing war criticism in DARPA's face isn't exactly the most diplomatic approach, but cutting funding for an important application like OpenSSH over such personal issues seems like a pretty childish action to me! there's just nothing like being a "good patriot", i guess.

Re:Financing?

[updatelee]

thats about it, pretty sad...

" all praise lord bush, or get the fuck out "

Re:Financing?

[KarmaMB84]

His comments were just as sure to cut off his funding as pissing on a 5-star general.

Re:Financing?

[jonastullus]

ok, after reconsidering, i guess he bad-mouthed his (so-to-speak) employer and then his funding was discontinued. so i guess he has only partial reason to complain. but i still think that OpenSSH funding should be more important than such political quarrels.

Re:Financing?

[Arandir]

...but i still think that OpenSSH funding should be more important than such political quarrels.

So how come no one's blaming Theo then? If it is true that his attitude lost him his funding (which isn't demonstrated, btw), then let's blame the attitude. You don't tell someone to fuck off and then expect them to fund you.

Re:Financing?

Right, a university professor should be pro-war, because that's his job.

Utter, merciless destruction...

Re:Financing?

[ConstantineM]

He did what he should have done -- exercised his right to free speech. He did not badmouth anyone, he just told the newspaper what already more than 50% of North American population think.

Re:Financing?

[Arandir]

You want to maintain a healthy marriage? Don't insult your wife.

You want to get good service at a restaurant? Don't insult the waiter.

You want to keep your project funding? Don't insult the guy paying you.

This isn't about free speech, it's about tact. Thousands of university professors wear their politics on their sleeves, yet they manage to keep their funding. That's because they tend to use a modicum of tact. It's a lesson Theo would do well to learn.

Re:Financing?

[ConstantineM]

Heh, he was interviewed by his local newspaper!!! It's even more tactful than professors putting anti-Bush comics on their doors in the hallway! He didn't post it to a web-site, nor did he campaigned against it, he simply answered the question in a good faith! Did you expect him to be dishonest and lie on the matter? How would one respect oneself after that?

Department of Redundancy Dept.

[scottennis]

I thought "blob" stood for "binary large object."

So isn't it redundant to say "binary blob"?

Re:Department of Redundancy Dept.

[camperdave]

In this context, it means Binary Locked OBject.

Re:Department of Redundancy Dept.

[asdfgl]

Yes and no. Blob is often (and I think this notion predates the other) used to refer to something indistinct and shapeless. As for "binary large object" it might very well be a backronym of some sort.

Re:Department of Redundancy Dept.

Editor has a stutter you insensitive clod.

-- Moomin.

Re:Department of Redundancy Dept.

[evilviper]

I thought "blob" stood for "binary large object."

Yeah. You can't imagine my disappointment in the 80's when I bought a ticket to see a technical movie about "binary large objects", only to see NOT ONE computer in the whole movie!

I mean, they even CAPITALIZED "BLOB" to fool people into thinking it was an acronym.

Re:Department of Redundancy Dept.

[drawfour]

No. You can have XML "blobs" that you don't understand but just insert into a section of other XML that you do understand (assuming it's all well-formed, etc...).

A "blob" is just something that you don't understand but still use. Binary or text, it doesn't matter.

We don't buy hardware that OpenBSD doesn't support

[linuxbaby]

Though we only use OpenBSD on a few of our servers (we have about 150 servers) - we NEVER buy hardware that OpenBSD doesn't support, because to us that's a good test of whether this hardware is going to last or not.

If a hardware company is so proprietary or secretive or locked-down that OpenBSD can't (or chooses not to) support it, I don't believe that company will last in the long run.

So petulant and arrogant.

[NDPTAL85]

Isn't it pretty amazing that when you purposefully select a license (the BSD license) that allows both individuals and corporations to use your code without contributing so much as a bad thought in return you get angry when people aren't rushing out to fund your project. The begging was just flat out shameless.

"Jeremy Andrews: I use OpenSSH every single day. I use it at home, and have used it at every computer job I've ever worked. I imagine this is true for a lot of people. What was the reaction to your recent request for donations from people and companies that benefit from OpenSSH?

Theo de Raadt: There were many reactions.
Some people thought that the tie between OpenBSD and OpenSSH is the problem, and thus they would not donate. Those selfish people apparently don't realize that OpenSSH-p is maintained by OpenBSD people, who don't need to do so, of course.
Roughly stated, painting with some broad strokes, the Linux vendors flat out refused to help. They have not even really replied to requests. The commercial Unix vendors have tried to stay away from funding us as well, hiding in their castles, especially when users of our software sent them requests for action.
Hundreds of people donated!
Smoothwall, Mozilla, and GoDaddy made some large contributions, as large users of OpenSSH. A few other large players (users, not Unix/Linux vendors) have something happening inside their accounting departments.

I don't understand why the Unix/Linux vendors (and Cisco) who ship our product are avoiding us. Maybe they are afraid to give to the first project, because then other projects will come asking too.

I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15 to 1 dollar ratio in favor of the little people. Thanks a lot, little people!"

No one owes any BSD licensed project anything, no matter how useful the project is. It was his choice to choose a license that basically says "Come on, steal what I have and give me nothing in return people!"

For a lot of folks the thinking is like this. A little self respect goes a LONG way, and if you don't respect yourself and your skills enough to charge something for your software or at the very least require that no one can take advantage of your code without giving something back (via the GPL) then you deserve to be used and abused like a cheap hooker. In this case with Theo De Radt we have the hooker following her John home to his suburban house, knocking loudly on the door and demanding additional money in front of his alarmed wife and children.

Incredible.

Re:So petulant and arrogant.

[LurkerXXX]

Lots of companies use OpenSSH but don't distribute it. Lots of companies redistribute the vanilla version, with no changes made. In either of those cases, there's no 'giving something back'. And they aren't going to toss money at it just because it's GPL.

Making it GPL would do nothing for the funding, it mearly would add more restrictions to the license, which the OpenBSD folks are totally against.

Re:So petulant and arrogant.

[DrSkwid]

Why do you think abusing women is "deserved" ?

Re:So petulant and arrogant.

[Craig+Davison]

Come on. He's asking for money, not code changes. On that level, GPL-licensed code and BSD-licensed code are the same. A company like Linksys could use the Linux kernel in their routers without giving a cent to Linus or the hundreds of others.

There's nothing wrong with _asking_ for contributions. He knows that nobody owes him anything, and that jackasses like you will give him nothing but hot air, probably all the while logged into an OpenSSH server somewhere.

Re:So petulant and arrogant.

Oh my, you really don't have a fucking clue, do you?
The OpenBSD project's recent funding problems have absolutely nothing to do with licensing; zero, zip, nada. The problem is not companies (Linux vendors, Cisco, Sun, etc.) modifying OpenSSH and without releasing changes publicly. The OpenBSD/OpenSSH project doesn't care about that, they expect it to happen. The problem is with said vendors using, redistributing and profiting from OpenSSH without making even a modest monetary donation in return. Given this, please, enlighten me as to releasing OpenSSH under the GPL would have any impact on this? Where in the GPL does it state that all redistribution and/or modification requires supporting the software's developers financially?
You think expecting a little money for something you poured blood, sweat, and tears into is "arrogant"? How about including open source software in almost all of your products (Cisco, Sun), and not giving a penny back for being given the opportunity to do so? Of course you have no obligation, but given the fact you're profiting off of this software, wouldn't it be wise to donate something (money, hardware) to the developers so that the software you're profiting from can continue to be developed? Some companies/projects have: GoDaddy and the Mozilla foundation. And hopefully more will in the future.

Oh, and whoever modded the parent up as insightful needs to be hit with a cluestick.

Re:So petulant and arrogant.

[hahiss]

Agreed; this analogy is utterly awful! Not only is there this unhealthy response to prostitutes (someone needs to get some therapy. . .), the *ENTIRE* analogy doesn't work:

A prostitute is someone who gives what they otherwise wouldn't (sex) in exchange for cash. Theo gives his software away for free, to anyone, to use as they wish.

Now maybe you (GP) think the Free Software isn't a sound business strategy, and maybe you think Theo's a jackass---and heck, maybe you think he's getting what he deserved because he didn't demand that corporations leave their cash on the nightstand ahead of time [THAT'S how you make a prostitution reference!] but holy crap son could you find a way to say that without invoking repellant examples that contradict your point completely.

Re:So petulant and arrogant.

[PietjeJantje]

Theo said regarding donations:
>I don't understand why the Unix/Linux vendors (and Cisco) who ship our product are avoiding us. Maybe they are afraid to give to the first project, because then other projects will come asking too.

These vendors are a bunch of losers. In their quest for the accumulation of scarcity tokens, they take a gift, make money with it, then avoid the gift giver, don't share tokens, and thus basically give up being civilized beings. That's a big price to pay for a small donation. Losers.

What this communicates to me is: Don't support *NIX vendors. Penny wise, pound stupid.

Re:So petulant and arrogant.

[lky]

I have one question from Mr. De Radt. Since OpenBSD does not exist in a vaccum and since it does use parts of other projects (Like GCC from GNU), how much does OpenBSD give to those projects that it uses?

Or does OpenBSD feel entitled to take those things without payment because its giving away what it produces? Kinda like the Linux and other BSD distros are doing with OpenSSH?

Pot? Kettle?

Re:So petulant and arrogant.

[Adam+Hazzlebank]

It makes good business sense of a company to use Linux in their product and give nothing back. If they contribute funds to a project what happens? The project gets better and /everybody/ benefits, if everybody benefits how does that push you ahead of the pack and increase your market share?

Re:So petulant and arrogant.

[NDPTAL85]

Prostitutes do not equal women. Although they are women, not all women are prostitutes. Nice try.

Re:So petulant and arrogant.

[NDPTAL85]

A lack of concern for prostitutes is not identical to a lack of concerns for women in general. Prostitutes put themselves in their positions, no one makes someone walk the streets at night. There's nothing unhealthy about heaping scorn on a whore. Even if you'd use them yourself.

My example doesn't contradict my point. Most street walkers simply don't get a fair value for their sex. $20 a blow job? $50 for intercourse? Admist the risk for lifelong disease? The prostitutes are getting screwed on a major scale just as BSD license developers are. The BSD developers work their butts off and still have to beg at the end of the day for funds to continue their work. Its a pretty pathetic place to be...not unlike the position in society afforded to prostitutes.

Re:So petulant and arrogant.

[PietjeJantje]

I'm not sure if it's good business sence in the long term. Just as dual licensed OS projects don't attract many contributors, something similar is at play for me choosing an OS vendor, if any. But that was not the argument. Steve Balmer, for instance, has an almost perfect business sense in terms of personal wealth. For many though, he will always remain Monkey Boy.

Re:So petulant and arrogant.

[mobby_6kl]

>A prostitute ... gives what they otherwise wouldn't ... for cash. Theo gives his software away for free, to anyone, to use as they wish.

So, he's a slut?

Re:So petulant and arrogant.

Dude, not all prostitutes are women either.

Re:So petulant and arrogant.

[Plunky]

Well you already had a headstart and now you are a leader of many rather than few and your followers are richer which makes you richer.

The alternate scenario where everybody just takes what their neighbour has, would seem to end up with us all sitting around in the dirt stealing sticks.

Re:So petulant and arrogant.

That kind of kills the argument we hear so often about BSD being "more free" than GPL. The fact is, BSD is free only if you don't mind being harassed by people who actually expect you to pay for it. I just wish Theo would be more honest and change the license to a commercial one.

Re:So petulant and arrogant.

OpenBSD's source code is freely available to anyone, including GNU. What have they given back? Everything, including W^X and ProPolice, now incorporated into GCC-4.

You are the one who is not only petulant and arrogant but grossly ignorant also.

Re:So petulant and arrogant.

[lky]

And others have contributed code back to OpenSSH.

As Theo said, this is about dollars.

Re:So petulant and arrogant.

[rainer_d]

> how much does OpenBSD give to those projects that it uses

By generating a big chunk of (mostly security-oriented) patches that most other projects like to ignore right away.

Re:So petulant and arrogant.

[OttoM]

The problem is not the other open source projects. It's the commercial Linux and Unix vendors (and other as well) that use all the benefits of OpenSSH, but do nothing in return. To name a few: IBM, HP, Cisco.

Re:So petulant and arrogant.

Prostitutes put themselves in their positions, no one makes someone walk the streets at night.

Oh really?

I guarentee the majority have very little say in the matter.

Re:So petulant and arrogant.

[akpoff]

When Theo or the other OpenBSD folks complain about projects taking without giving they know what they're talking about. Theo knows for a fact whether Sun or other companies have donated to the OpenBSD project.

If you were minded to you could find out for yourself what Theo has contributed. Scan the source tree of just about any project the OpenBSD team ships and hunt for openbsd.org. If by chance you don't find anything then search again for "De Raadt" or some of the other developers' names. More likely than not you'll find code contributions.

If that's not enough, look at the number of companies Theo and his team and users have lobbied to release documentation thus helping all projects. Note also the Free Software Foundation and others respect and have honored Theo's work and contributions. In 2004 the Free Software Foundation presented Theo with the FSF Software award

For recognition as founder and project leader of the OpenBSD and OpenSSH projects, Theo de Raadt's work has also led to significant contributions to other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH. Theo's leadership of OpenBSD, his selfless commitment to Free Software and his advancement of network security, were cited by this year's award committee.

Try google -- it's your friend when you have these kinds of questions.

Re:So petulant and arrogant.

[lky]

And if you review the portable OpenSSH changelog you will see that patches have been submitted by IBM, Sun, and Redhat to just mention a few. So according to the donated code logic they're in the clear now right?

Or maybe this was always about dollars to Theo and so it fair to look at how many dollars OpenBSD passes on.......any?

Once again.........pot? kettle?

Re:So petulant and arrogant.

[UnixSphere]

"The problem is with said vendors using, redistributing and profiting from OpenSSH without making even a modest monetary donation in return." and what let's them abuse and profit from that? The BSD license. Don't get me wrong though, I'm not picking on the BSD license, actually most of them out there suck. It's actually a multitude of problems that plauge this certain topic, Like Theo stated already himself, they don't have enough developers, more developers means more code, more reverse-engineering, more products supported, and the end result is more users, and more users means more money being donated to the product. The only thing he can do is ask for help, more developers and more money, which is what he's doing. Going back to the hardware issue, companies sometimes do not release documentation because they want to have the competitive advantage over their competitors. Especially if they're pushing "extra features" on their hardware. If say ATI releases documentation for their latest 400 dollar card, Nvidia likes one of their features, implements it in their own shit and renames it, you have a legal battle at hand. That's extra money, lawyers and all that. So why bring that kind of drama to yourself? So a couple thousand OpenBSD users can be happy? As opposed to my hundreds of thousands of orders I get from major manufacturers, despite not releasing documentation? Bet on it though, we'll have this problem as long as the open source community lives, that's the ugly side of capitalism.

Re:So petulant and arrogant.

[akpoff]

As I noted before. Theo knows who has materially supported the project. Unless you have some special source of knowledge you're not revealing, you don't know whether he contributes cash and to which projects. Until then your questions about his motives are premature speculation at best.

Re:So petulant and arrogant.

[trewornan]

That's not what the GP said.

. . . then you deserve to be used and abused like a cheap hooker

See, it's you that "deserve" to be used and abused, the cheap hooker merely "is" used and abused without a value judgement. Not that it's a particularly pleasant analogy but the GP didn't say what you're objecting to.

Re:So petulant and arrogant.

>>>A prostitute ... gives what they otherwise wouldn't ... for
>>cash. Theo gives his software away for free, to anyone, to use
>>as they wish.

>So, he's a slut?
> God, I wish, honey... have you seen his pic? Jesus, he's hunkier than that mountain he's standing on!! Fwoooaarrrr!!!!!

Looking for a small, fast, correct compiler...

I wonder if they have looked at tcc? It's small, fast, and aiming for C99 compliance. It only supports x86 right now but since it's capable of compiling the Linux kernel it obviously supports most of the GNU extensions that people find useful.

Re:Looking for a small, fast, correct compiler...

[DrSkwid]

Theo means "just like the plan9 compilers", but he doesn't like the license Lucent offer for them.

Re:Looking for a small, fast, correct compiler...

[akihabara]

You haven't looked hard. TCC is not remotely close to C89 compliance; forget C99 altogether. And to get it close to C89 compliance, never mind portability, it would need rewriting.

Great Interview...

[link915]

This was an excellent interview and Theo seemed fairly down-to-earth. I actually agree with many of Theo's POV's but don't always agree with how he conveys them. This interview seemed to show his *softer* side :)

Honestly though, he is right...the big Linux vendors really needed to step up and donate to the project. I am a FreeBSD user and certainly understand the need for funding to keep these projects going. OpenSSH is an amazing piece of software that we all use quite a bit. I can't say that I give all of my money to these projects but I do purchase CD sets and can only hope that the rest of you do as well.

I guess sometimes we are all dicks when we really believe in something. Although Theo can come across as a dick sometimes he really does stand for a good cause. Software should be free!

Re:Great Interview...

Theo openly admit his project regularly needs to take from Linux, maybe he should be paying all those Linux coders developing device drivers?

Re:Great Interview...

The ones creating the glue for blob hardware abstraction layers? (Madwifi)

More seriously, even if OpenBSD used the GPL, or the Linux kernel used a BSD-style license, the OpenBSD project couldn't just incorporate device drivers from the Linux kernel the way it can do it with the other BSDs: they're still very different operating systems! Most of what is "taken" from the Linux kernel are static values: register offsets and such (see this excellent interview where OpenBSD developers describe what writing their nfe(4) driver for NForce ethernet involved). It's hard to do much more without violating the GPL anyways.

You answered your own question.

[Homestar+Breadmaker]

"It only supports x86 right now". So that means its not an option. And given what a lackluster compiler it is, its probably not even worth using as a starting point to add more arches to.

NDAs are a big problem?

[Bralkein]

Some Linux (and recently FreeBSD too) developers are willing to sign NDAs so that a few people get the documentation, and I believe that this is the largest problem facing the kernel side of the open source community today.

Why is this a problem? If you are signing an NDA so you can write an open-source driver that anyone can read, edit and redistribute, surely that's not so bad? Of course it would be better to have completely open hardware specs, but if you really need to understand how this piece of hardware works, can't you take this open driver for it, read it, experiment with it, et cetera?

This is not a troll, I'm just not a programmer, so if this is a stupid question, that's why.

Re:NDAs are a big problem?

[drinkypoo]

Theo apparently feels (as I do) that the more we support vendors who refuse to just open up their specs, the less vendors will open them up. If Linux is taking over the server market (it is) and they need to open their device specs up to have them supported (they don't, if people will go NDA) then more companies will open up their specs so that they can be supported by linux - because companies like to minimize the variety of hardware in their organization for support reasons, and they are more likely to spec a single NIC that works in all situations (if available) than spec two different ones, one for Linux, and one for Windoze.

As long as people develop drivers for these products through reverse engineering or NDA, then these manufacturers will have no reason to release specs.

Re:NDAs are a big problem?

[J.R.+Random]

The very fact that an NDA is used means that the manufacture knows that the writer of the driver needs facts that can not be determined by looking at the source of the driver itself. Typically this involves the use of various magic constants that must be loaded into device registers at appropriate times. The manufacturer knows what the magic constants mean. Hopefully the writer of the driver does too. But nobody else does, and the author of the device driver can't tell them. So if there's a bug (maybe because the magic constant wasn't quite the right one to use in certain circumstances) there's no way for another person to fix it. Likewise if there's a desire to expand the functionality of the driver there is again no way for a third party to know what the magic constants should be.

The reason companies do not open up their drivers

The fundamental reason why companies do not open up their drivers is because the average end user considers it a Linux problem when Linux doesn't have proper support for a given proprietary piece of hardware, instead of a problem with the maker of the chipset in question.

I think one reason for this is because there are a zillion consumer devices out there and no real place to be able to look up a given piece of consumer hardware and see who is making the chips for said hardware, and whether the chipset in question has a Linux driver. More importantly, if a given chipset doesn't have a Linux driver, the documentation should tell us whether this is because the chipset in question is closed, or if it is because no one has had a chance to write a driver.

If this information is out there, when people give the usual "Linux sucks because it doesn't support X piece of hardware" flame, the reply can be "blame the makers of X piece of hardware, not Linux". If this mindset catches on, companies will start supporting Linux better. For example, I bought a Creative Zen Nano instead of an iPod Nano because the Zen had full Linux support; the iPod doesn't.

The problem with making this online database is that someone will need to be motivated to make such a database; this is a non-trivial task. The wiki model is perfect for something like this. Indeed, someone has a wiki-based database like this for IBM Thinkpad computers

Re:We don't buy hardware that OpenBSD doesn't supp

[idontgno]

If a hardware company is so proprietary or secretive or locked-down that OpenBSD can't (or chooses not to) support it, I don't believe that company will last in the long run.

OpenBSD confirms it. Adaptec is dying.

theo de raad

was that the guy who was seriuosly sick and asked for help on slashdot?

Re:theo de raad

[rehabdoll]

No. You probably refer to Patrick Volkerdi, the author and maintainer of Slackware.
And he did not ask for help on slashdot, he asked for help in the slackware-changelog, which was later posted on slashdot.

Logical fallacy

"In this system, having open code on the embedded micro means that an uncaring individual could just crank the power output without regard for the FCC requirements."

An uncaring individual can already do this, regardless of whether the code is open or closed. Having the code being open simply saves some time; but it does NOT prevent the effort. Most consumers could care less, and won't touch it. The ones who really want to can already do this.

Compilers

[StarHeart]

I think Theo is crazy for wanting a compiler with little or no optimization. It would make his life easier for development, but completely screw the user. From everything I have heard gcc isn't good enough at optimization.

Re:Compilers

[GnuVince]

Maybe the idea would be to start with a clean slate, a clean and simple compiler and adding optimizations afterwards.

Re:Compilers

[Clover_Kicker]

If the tree compiled cleanly with both compilers, they'd develop with speedycompiler and ship the GCC optimized version.

Re:Compilers

[StarHeart]

The problem being that even if it compiled cleanly, which isn't likely, it still may behave differently.

Re:Compilers

[mccoma]

It seemed to me he was more concerned that the correctness of the generated code was being compromised by the optimizations. I would expect the would love a small, correct compiler that they could add various security enhancements (e.g. stack protection) in a straightforward manner.

Re:Compilers

[Clover_Kicker]

They're already developing/testing on several different architectures, what's one more source of insanity?

Re:NDAs are a big problem? IP! Trade secrets!

[Doug+Coulter]

Yes, NDA's can be a problem. Typically, the most performance is wrung from a video display chipset via a number of tecniques, some of which are patentable, some of which are merely trade secrets (see sources like www.groklaw.net to discern what I'm talking about around IP and how the current laws stink). Some of these are on-chip, some are in the driver, and this varies by manufacturer. If one could combine, say, Nvidia's chips with ATI's trade secret rendering tricks (or vice versa), one might have something better than either...And they will both fight to the death to keep some little marketing advantadge in these areas. Seeing the driver code in human readable form would instantly inform one (at least me) which was where, and allow things like this. Althought a good gpu has passed the general purpose X86 in pure mips, there are still conditions where the smarts need to be in the driver for best results, for example, in the case of (always) limited throughput to the chip, or heavy conditional stuff where the X86 shines but the vector processor does not. Why would any company give this sort of thing away? Trade secrets are "fair game" once revealed -- so one company might benefit by having its chip and the other's nifty driver tricks, whilst the one that had the nice driver gets nada out of it. Yes, it stinks. But there it is. Why would any manufacturer give this kind of thing away? They have what they have in chip form (some patentable, some not, but fairly well protected practically speaking) and other things that are best done in the host cpu given the total systems design, most of which are fair game once revealed. It stinks, but there it is.

Re:We don't buy hardware that OpenBSD doesn't supp

That's why it's important that the OpenBSD people provide a list of hardware players that they recommend. Let us as custumors know which hardware vendor to prefer.

You are a little confused.

[Homestar+Breadmaker]

The simple, easy optimizations that have the most effect are fine. But gcc spends ages trying to over-optimize code, making it take 5 times longer to compile, and then producing code that is often incorrect (crashes or corrupts data) and/or slower than without the optimizations.

You hear that gcc isn't good enough at optimization because its true. Its really bad at it, and produces slow, broken output. That doesn't mean everyone else should try to make their compiler blow too, it means gcc sucks.

Re:You are a little confused.

[PenGun]

You can turn optimization off and on depending on what you want. Now I'm no king coder but even I know that.

    PenGun
  Do What Now ??? ... Standards and Practices !

Re:You are a little confused.

[Homestar+Breadmaker]

Unfortunately, its not so simple. Many of the optimizations required serious recoding of gcc, making it MUCH slower to compile code, even when you don't have any optimizations turned on. Notice how gcc3 is twice as slow as gcc2? Notice how gcc4 is even slower?

Re:You are a little confused.

[LandruBek]

Can you point me to any links, papers, whatnot on why GCC is, or can sometimes be, so bad?

Re:You are a little confused.

[BasharTeg]

Can you point me to any links, papers, whatnot on why GCC is, or can sometimes be, so bad?

Yes. http://bsd.slashdot.org/comments.pl?sid=184674&cid =15251380

Overhead rates

[alexhmit01]

Universities have an overhead level, including salary fringe, etc., that then gets estimated. If the university's overhead rate is 65%, then for every $1 in grant money, 35 cents goes to cover DIRECT costs of the work, and 65 cents go to the University Overhead Income Account.

Basically, things like lab space may be direct or indirect (overhead) costs, depending on setups.

Given that they weren't on staff so there was no fringe (taxes, benefits, etc.), and they weren't using any school resources, maybe they got a discount and a 45% or 50% overhead rate.

Essentially, in grant accounting, you have to account for your direct expenditures (and get reimbursed from the grant issuer), but the overhead you keep. So the university wants as high an overhead rate as possible, as they keep that money. The researchers that "earned the grant" want the lowest rate possible, so more of the money goes into their accounts for their expenditures (you know, things like their salaries).

Also, if grant money is spent on not-aprroved things (let's say Theo calls 25% of his house his office, but the grant doesn't cover the home office, or he hires a project manager and that isn't approved for the grant), then the school won't be able to get reimbursed for those expenditures. Each organization's politics determines what happens when the school "eats" the costs (part of why they have such a high overhead, they cover over-runs, etc.), but in this case, it was an outside organization. I wonder how comfortable the University was cutting checks to Theo's personal account without knowing that they would get reimbursed, so they probably kept a high reserve that they wouldn't release, and a large overhead rate.

Ah, grant accounting...

Alex

Re:Overhead rates

[cymen]

D. J. Bernstein (of djbdns fame/infamy) has some words about this very issue (he is at University of Illinois at Chicago): http://cr.yp.to/uic.html

Nope.

[Homestar+Breadmaker]

The plan 9 compiler is available under an MIT license as part of inferno.

Re:Nope.

[DrSkwid]

and ?

Re:Nope.

[Homestar+Breadmaker]

And what? You said "but he doesn't like the license Lucent offer for them.". I pointed out the obvious fact that you are incorrect, as it is offered under the perfectly acceptable MIT license. Which part of this is confusing you?

Re:Nope.

[DrSkwid]

this part

"The new license is utterly unacceptable for use in a BSD project." - Theo de Raadt

Re:Nope.

[Homestar+Breadmaker]

Maybe it would be less confusing if you bothered to read? That is referring to the plan 9 license 3 years ago. Like I said, the compiler is now available under a perfectly acceptable MIT license as well, so the license is no longer the issue. They simply don't want it.

Re:Nope.

[DrSkwid]

That's a similar but not same compiler suite from Inferno
http://www.vitanuova.com/inferno/

The Fourth Edition is available as Free Software under a mixture of Free Software licences (GPL, LGPL, Lucent Public or MIT-template, depending on the component).

Not plan9.

I guess they would be usable. I don't follow OpenBSD discussions but I wonder why they are no longer considered suitable for OpenBSD.

Re:Nope.

[Homestar+Breadmaker]

The inferno compiler is the plan 9 compiler. Compare the sources.

Re:Nope.

[DrSkwid]

But that still leaves me the puzzle as to why Theo kicked up all that fuss and when they stuff he was fussing about was removed and only the technical remained, his mind had also changed.

So either the technical benefits have gone or Theo is choosing a less optimal solution based on personal reasons.

surely not !

Re:We don't buy hardware that OpenBSD doesn't supp

No SMP server, then ?

Version Numbering

[Goo.cc]

You know what I like most about OpenBSD? A sane version numbering scheme. In this day and age where version numbers have become a marketing tool, it is a nice change.

The worse offender in this regard has to be Mac OS X. I see people write "Mac OS X 10.4", which is the same as saying "Mac OS Ten Ten-point-four". And I've never seen anyone write it as "Mac OS X.IV" or "Mac OS X.4". (Most people say "ex" instead of "ten", I bet.)

Re:Version Numbering

[menace3society]

I used to version OS X the same way they do references for Shakespeare plays: e.g. X.iv.6 refers to the latest version of Tiger, for example. But, not only did it not catch on, no one really understood it so I gave up. The problem is that no one's really sure whether there will ever be an eleventh version of Mac OS or not. After all, it has an X in the name like all good commercial Unices. But OS X has been around for nearly six years, and we've still neither hide nor heard of the next version.

Re:Version Numbering

Darwin xxxx.xxxxxx.xxx 8.6.0 Darwin Kernel Version 8.6.0: Tue Mar 7 16:58:48 PST 2006; root:xnu-792.6.70.obj~1/RELEASE_PPC Power Macintosh powerpc

That's because "10.6" is really 8.6.0.

Re:Version Numbering

[Goo.cc]

Interesting. Thanks!

Re:Version Numbering

[kl76]

I'm not so sure OpenBSD's version numbering scheme is so sane...remember it started at 2.0, 3.0 followed 2.9 (was it really a "major" release?) and it seems the next release after 3.9 will be 4.0. Are they uncomfortable with double-digit minor version numbers? Remeber guys, its two numbers separated by a dot, not a decimal fraction!

People write "Mac OS X 10.4" because that's the way Apple write it. Of course, the X and the 10 are tautologous, but I guess Apple wanted to clearly differentiate Mac OS (<=9) and Mac OS (X) as products but still keep the usual release number format and sequence.

Linux uses OpenBSD too

[AHumbleOpinion]

Theo openly admit his project regularly needs to take from Linux, maybe he should be paying all those Linux coders developing device drivers?

And linux devs openly admit that OpenBSD often identifies and patches security holes that also affect linux. So bug and security fixes cancels out drivers, Theo's OpenSSH point is left standing. :)

What does "truly free software" mean?

[jbn-o]

What, exactly, is "truly free software"? I can't find that term in the interview.

Re:What does "truly free software" mean?

[Nimrangul]

Many view Linux, with it's commercially driven, binary-embedding kernel and the operating systems which use it as unfree.

Others view the GPL as overly restrictive, and thus systems which agree with the FSF's POV as unfree.

Others still view systems with large beurocratic bodies as restricted by these bodies, OpenBSD only one body, Theo, thus there is no plan-encumbering beurocracy, whereas those with the overbearing councils, cores and foundations do and are thus unfree.

not lackluster

[r00t]

It's designed to maximize compile speed so that you can use it as a script interpreter for C code. The qemu emulator evolved out of tcc.

#!/usr/bin/tcc

Re:not lackluster

[Homestar+Breadmaker]

I know what is was designed for. That doesn't mean its useful as a general purpose compiler for many platforms.

They step up to help OpenSSH if needed, w/ code

[r00t]

Code donations most directly support OpenSSH.

Money donations go into the OpenBSD pot, supporting a competitor.

It's kind of a bait-and-switch Theo is trying. He asks for OpenSSH donations, but he doesn't keep the funding separate from OpenBSD. So he's demanding that Red Hat donate to OpenBSD. Excuse me???

Re:They step up to help OpenSSH if needed, w/ code

Well, presenting things this way might not be a smart thing to do but it is definetelly the honest thing to do. You can't really believe that it is easy to split the funding of two projects so tightly related and developed by the same devs, he could only make it appear this way ;)

RedHat (and other vendors) on the other hand, chose to do the smart thing instead of the honest thing. The right thing would be to contribute since they literally make money using openssh. In the end it might not even be the smartest thing, because if openssh seases official development it will soon fall back in quality and make them wish they had donated even 10% of the money that they estimate openssh saved them! ;)

no

[r00t]

Usually documentation does not exist. Under an NDA, the company can supply hardware design plans and Windows source code instead.

OpenBSD code auditing?

[raw-sewage]

TFA had a typical comment from Theo or any OpenBSD core team member: "As we become aware of more problems in the C language, we are trying to be very agressive to make the code cleaner. Just the standard OpenBSD proactive auditing process."

My question is this: what is the "standard OpenBSD proactive auditing process"? Before, I've lightly asked about this on the misc@ mailing list, but the answers weren't very helpful, generally paraphrased as (1) experience or (2) study the CVS diffs.

Well... that's nice, but I'd like to have a more straightforward "beginner's approach", something a little more accessible. I agree that only experience will make you a truly great secure and correct coder, but it would be nice to have a book that explained (and gave examples) of the kinds of things that the OpenBSD developers routinely look for in their code audits.

Put another way, I feel I have a good understanding of the fundamentals of secure C programming: generally prefer strncpy() (or strlcpy()) to strcpy(), know when to use memmove() or memcpy(), always check input parameters to make sure they are within the defined boundaries of the function, etc... but surely there's more than just these well-known general rules of thumb, right? It would be nice if core OpenBSD developers could have their secure C programming expertise dumped into a book!

Adaptec dying?

[LandruBek]

Dying? It sad they can't somehow, how to say in English, change themselves, alter their way of doing things ... ach, what is that word?

Re:Adaptec dying?

[Nimrangul]

Modulate?

Not knowing the answer, start with their "lint"

[emil]

I remember that the last big OpenSSH vulnerability was a problem with signed/unsigned integer conversion, and that lint was able to detect this vulnerable usage, which facilitated a complete audit of the source tree.

Granted that Theo makes further mention of their lint work in the interview, if you had C code that concerned you, you should start with the OpenBSD lint.

This leads to a couple of points:

• If a C programmer has critical code, (s)he needs to install OpenBSD for access to their lint
• The OpenBSD team should really consider OpenLint

Linus the asshole hypocrite

[Raenex]

Neither Linus nor Theo would ever use a rude name against an individual developer or organisation unless they truly were not smart.

Would Linus trash one of his open-source peers for, *gasp*, reverse engineering a closed-source protocol?

http://www.realworldtech.com/forums/index.cfm?acti on=detail&PostNum=3322&Thread=2&entryID=49312&room ID=11

"He didn't create something new and impressive. He just tore down something new (and impressive) because he could, and rather than helping others, he screwed people over. And you expect me to _respect_ that kind of behaviour?" --Linus Torvalds

Re:Linus the asshole hypocrite

Good thing you provided the link, because I got the chance to read Linus position which shows he is not an asshole nor a hypocrite. His points are valid. While I disagree, I respect his opinion since it is consistant and honest (Linus never claimed to care as much about free software as for technically correct software).