Slashdot Mirror
Hifn Restricts Crypto Docs, OpenBSD Opens Fire
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
This should get really interesting.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
...I count 12 required fields where you have to enter data.
Is this worth throwing a hissy fit over? Once one person downloads the docs, they can distribute them.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Oi, Theo! I agree with you 100%, but please, tone down the virtiol just a smidge! From TFA:
Calling their products "crummy" and threatening them with driver deletion if they don't stop "baiting" you is not a way to get what you want. Now it means some egomaniacal manager has to eat crow for the driver to go public. I was in 100% agreement with your post until I got to this point.
Sometimes, I wish someone would just slip some sort of tranquilizer in the water supply near Alberta...
That's a typical OpenBSD discussion, in which Theo DeRaadt
i) is basically right
ii) still manages to sound like spoiled whiny tosser in the process.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
From Theo's response:
Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.
Theo also addreses something many of us here are worried about:
Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.
Theo sums his entire argument up beautifully here:
Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.
And finally from Theo's response:
Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.
____
~ |rip/\/\aster /\/\onkey
With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.
"They obviously don't know who they are dealing with.
This should get really interesting."
I hear he's going to take his small portion of the market and go home.
If he objects to providing that information, he can say so, but this sort of easily-refuted hyperbole doesn't help.
There are no US export controls on computer hardware documentation. Any computing device can be used for crypto and even if the US reclassified the lot as munitions, you would still be permitted to explain how such a device would function.
How would this violate US Export Licences???
Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???
This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here.
Meta will eat itself
theo is right in theory, and I support him.
anyway who uses real data on those annoying forms? use bugmenot.
Would that not be on documentation that explained exactly how the chip worked and not just how to send and receive bits from it?
If this is the case with HIFN, why do some other hardare companies in the same field not have the same restrictions?
There was a good comment made later in the thread:
Perhaps you can talk to your legal counsel and actually break out the documentation needed for these open source drivers into a separate and truly open to the "general public" anonymous download site. I doubt that the documentation that is being requested by developers is putting you in violation of US Export Regulations
....snip....
I understand it's very easy these days for attorneys to just say put everything behind your registration only access extranet to be safe. This is not acceptable and, in my opinion, is not open to the general public like you stated.
That sums up my thoughts much more succinctly.
I am NaN
While I whole-heartedly agree with the point Theo was making in his article, I can't help but think that engaging in hyperbole (50 questions? ~25 is accurate) and verbally abusing and threatening the vendor is going to help in any way.
Everybody know its already very easy to have good encryption outside the US. And how did they expect information to be available to their entire population and not leak outside their borders?
Well, I can't say I disagree with Theo. The 'Open' in OpenBSD loses its meaning if you use such non-free documentation. And it's not as if the OpenBSD team has any obligation to include Hifn drivers.
You know what, if you'd wanted this 15 years ago, you would have phoned them up, given them the EXACT SAME INFO THEY'RE ASKING FOR on their web site, and they would have mailed it to you.
And a sales-person might have called to see if you wanted to buy some chips.
Theo's "50 questions" is email, name, company name, title, address, phone number, and "what is your project? What is your role? When do you want to buy some chips?" How about a little reality here. Theo does some great stuff, but that doesn't mean he gets to bend how the world works to his will.
Just like the "I don't get any donations" rant from him a bit ago, he just doesn't seem to be well grounded in business realities. If you want donations, you need a tax-exempt foundation, not "make checks out to Theo." If you want data sheets, you might have to tell the company who you are and why you want them.
The preferred solution is to not have a problem.
"Jason and I spent a lot of time writing that code in the
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products."
Sales?
Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.
If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.
The sensitive information is not Theo's address or phone number. It is the fact that Theo, or you, or I, downloaded the data sheet for a crypto device. In the recent past, and possibly again under a future government, that in and of itslf could be considered suspicious behavior.
For an off-the-wall point of view, consider that crypto is still officially "munitions"--arms. Maintaining a registry of citizens in possession of such arms is arguably a violation of the Second Amendment.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
When companies impose weird intellectual property restrictions on their data sheets, then I'm all for making the process of getting the data sheets as cumbersome as possible--that way, FOSS developers will at least become aware that there is something funny going on.
Some other vendors hide a restrictive license ("if you look at this, we own stuff you do with it") somewhere in the documentation or behind a "Read This License" link, but people who look at the documentation never notice.
OpenBSD could really care less about Hifn in the long run. Someone stated that Theo thinks his personal information is like currency. It is. The US government would love nothing more than to learn who uses crypto devices and they have no right to that information. Thankfully, OpenBSD is based in Canada and not in the US. The US has long been opposed to crypto among the masses but cannot really do anything about it. This president is doing his damndest to crack down on anyone and anything that even remotely smacks of anti-US sentiment, policy, etc.
OpenBSD should delete the driver and move on. It would not take that much capital to devise you own crypto chip sets, write the drivers and then have the Chinese or Koreans build them for you. OpenBSD could sell the chips and the drivers and fund itself in the process.
Go OpenBSD!
I like Theo. The more of his statements I read, the more I appreciate his no compromise, take no prisoners approach.
= signupapp or just part of it? That part about the NDA bothers me.....
50 personal questions sounds way beyond overkill. I've downloaded plenty of export controlled software, with merely a few questions.
My guess is, Hifn like many other companies, gives everything to their sales folks, or worse, resells it. Can you blame Theo for taking offense, when they want 50 personal questions answered?
BTW, is this the signup? http://extranet.hifn.com/home/anonymous/?workflow
Does anyone know what they were besides what's on the first sign up page?
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
I can see it possibly beeing sensitive information about you or I, but Theo is known to develop OpenBSD...
Analogies don't equal equalities, they are merely somewhat analogous.
It's one thing to have a legitimate gripe. It's another to turn that gripe into useful action to get what you want/need. While Theo's behavior might be amusing to fellow BOFH-types (like me), it is only going to further maginalize OpenBSD and has no chance of success. Insulting the person with the ability to give you what you want, and then stamping your feet about how much "sales" he'll lose by not complying seems more like something I'd see in a middle school locker room than a boardroom. A shame....
... and lately the only OS focussing on fais seems to be openBSD. Thanks for fighting for OUR long term freedom again Theo.(Also a thank you to RMS). The one PC I have left at home runs OpenBSD and i BUY every new release.
Kudos to Theo and the openBSD team
J.
Maybe, but I think the disclosure of the source to someone "overseas" is the same thing to the government (IANAL, blah, blah, blah...). For example our friend PGP and its derivatives. All of the concepts and algorithms are pretty much freely available too, but there is that pesky requirement to "prove" you are in the US before download, right?
If you want news from today, you have to come back tomorrow.
Thats exactly it man, the export requirements of the US gov don't require documentation on the hardware to be protected. I don't think you're missing anything, Theo is right, you shouldn't have to click on some agreement and fill out crap to download documentation. Even if 11 fields only required, those fields are for ton of info... Full name(2), company, title, phone, full address (5), and relationship... I don't give that info out to anyone unless I absolutely have to for payment.
Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
This is so the sales department can have an easy time pushing product. I'll bet anyone who signs up gets a call from the Hifn sales-droids within a week after they download the datasheet, if not before they grant access.
Someone downloads the data sheets using a foreign address or bogus US address and a mailinator.com email address and then shares the data sheets with the people that need them for the development. This can be done every few months and then a diff done on the data sheets to make sure everyone has the latest information.
It wasn't just the one board either since I tried 4 different ones with 4 different Soekris 4801 boards as well and they all lock up under OpenBSD 3.9. I've seen this has been a problem in the past and I would've thought they would correct it now. I guess I should try FreeBSD instead and see if it has similar problems with this crypto card (which is based on a Hifn chipset by the way).
The way export is defined in US regulations and laws is not about sale. It has to do with making objects and information available. E.g., multinational companies are required to provide some segmentation in their computer networks to avoid exposing export controlled, or ITARS restricted information from reaching their non-US employees.
Whether or not one thinks that the US government is becoming paranoid and over-secretive (I do), this is not an unreasonable definition of export. E.g., if one just gives centrifuges for enriching uranium to Iran, they are exported there, independent of whether one receives reimbursement. The arrival at the endpoint of the object or information is what the US government cares about, not whether someone is paid to supply the stuff.
If you believe at all in export control, then it's not unreasonable for the US government to require that a vendor make some attempt to verify that its transactions comply with export control. Otherwise, you can just have someone say "I'd like to buy a whole lot of weapons-grade uranium. Here's my check."
what the theme of the 4.0 release song will be. :)
Realistically, isn't it a bit naive that the government doesn't have the ability to gather these fields of data on Theo from any other means, including a phone book?
The info == currency nonsense breaks down when you look at the personal information being collected.
Signing the NDA is another matter and has covenants that restrict use/distribution, which I would think is the meat of a sound objection to HIFN's practices on this matter.
I have signed up, the confirmation arrived within seconds and on the welcome is a message it may take several hours for a sysadmin to allow access - but no, I'm downloading PDF's straight away so it must be automated.
It's just marketing; but Theo is right about that not being completely free, as in free speech.
The article mentions "liberalisation", it seems that they're leaning to the left, but they're not actually left in their ideas and business model. Dump the driver.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
I don't know more about Theo or the company's man, Mr. Cohen than I've read in previous msgs, but I have been following the world like a mosquito hunting an elephant. That said, I think Theo hinted at "private truth" when he wrote "You tried to **pacify** me in private mail," and "... if you continue **baiting** me, I will delete the driver from our source tree."
5 022926623419&w=2
I believe "nonmaskable's comment above, "With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD," is very well made.
Because one person imagines himself (or another) to work for $ and another imagines himself/claims to work for a greater good, doesn't alter the fact that both are devoting their time, energy, and natural gifts in ways that, given a slightly enlarged world view may move rather quickly from discord to harmony. Many folks working with computers are *in a hurry.* They imagine there is something more important than the quaint ways of patience, common courtesy, and a wish to build a harmonious (boring?) community. I can appreciate the fact that Theo perceives (and, in fact, may be correct) that Mr. Cohen/Hifn are "playing" with him and the Open Source community, but consider a later reply on the list made here
http://marc.theaimsgroup.com/?l=openbsd-misc&m=11
It reads much more reasonably to me, yet, I think it encourages a similar result. I don't know what the "real" problem is, but I imagine that the more suppliers for hardware that is openbsd compatible [i.e., full and easy doc access] the better for the average openbsd user,... except, there's more "work" for folks like Theo,... and maybe that's what's going on here. Perhaps, he's looking for a single supplier that will appreciate his point of view and do his bidding without questioning his authority. If that's the case, I can't blame him,... it would be nice,... but the future is so hard to predict,... well, at least for me it is.
Best regards and hopes that harmony will evolve with a small reduction of publicized angst,
Gerry
ps - thanks for the space
Sorry...that doesn't work.
Is there anyone in their right mind who believes that Theo ranting at this guy, calling him names, calling the company's products crummy, and making threats is going to improve the situation? C'mon. This works about as often as construction workers whistling at female passersby.
Like a lot of us, Theo is great at what he does and awful, absolutely awful, at personal interactions with others. In any sort of professionally structured organization, Theo would be let loose on the technical problems - but kept miles away from any kind of PR situation where his outbursts can only do damage.
But guys like Theo are our public face. What's wrong with that picture?
It would be great if the Linux crowd would do stuff like this too.
http://www.thebricktestament.com/the_law/when_to_
Everybody seems to be sidestepping the main issue.
The real question that should be answered is whether hifn are indeed required by law to ask personal information of the people downloading documentation, as hifn claims they are.
If they are, than hifn simply cannot comply with OpenBSD's demands without breaking U.S. law.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Surely, with OpenBSD's refusal to submit, Hifn's only option is bankruptcy.
Such kernels developers feedback are very precious and insightful for us, customers. It's not only a matter of freedom an principles, it's about quality.
Be sure that - whatever the OS you use, being Linux, OpenBSD or FreeBSD -, when a vendor behaves that bad and is so reluctant in providing open access to documentation, you won't have a good driver nor a good support.
Those vendors behaviours are usually symptoms of a "closed" attitude, secrecy centerd, so even when we accept NDA, we can't expect them to disclose the whole needed informations (like, say, all firmwares versions bugs that needs a workaround in drivers level, know bad behaviour of their chipsets etc). This attitude will also discourage some knowledgeable developers to help to improve the driver, to fix bugs etc. Requiring NDA will prevent OSS kernel developers to share sensitive informations regarding their experience with the device (between OS, and even sometime inside the same kernel dev team).
So for now, if you need a stable encryption accelerator device, consider choosing an other vendor. Look out for Via C3, or SafeNet (and even some Broadcom) chipsets: those vendors plays the game well, don't seat on their customers (we) and the developers needs. They don't even hide behind a "U.S. export laws restrictions" argument, and didn't faced trials, proving the hypocrisy of HiFn assertions.
In the same time Theo used to write the reply to the mailing list, he could have already filled out those 50 questions and started downloading the data sheets.
Slashdot's more left. ;)
You better watch out, there may be dogs about . .
I'm willing to bet that there's a limit to what you can export, even in book form. Going to extremes, if I tried to export plans for the W80 nuclear warhead in book form (or print it on a T-shirt), I'd guess not only would export of that book be banned, but I'd be taking a nice long vacation at Club Fed..
Facts do not cease to exist because they are ignored. - Aldous Huxley
Guys, suck it up. Put fake info into the registration forms, get the fucking documentation, and write your goddamn drivers.
Just give bogus information.
Everybody does!
"Awesome, new hardware! Let me install OpenBSD"
[queue hours of pain and suffering when OpenBSD does not recognize hardware, culminating in a google search and discovery of Theos position]
"Damn, ok, lets go install Gentoo then"
Who gets hurt here? Oh yea, OPENBSD
Well, debate the word "freely" all you want, but that does not really address "reasonable". I guess I don't really understand what the big "issue" is with telling them who you are when you get this info from them. Is there a realistic problem, or is it unfounded paranoia or just plain bitching for no particular reason except to be contrary?
If you want news from today, you have to come back tomorrow.
in a form that will be made public. They need a PR person.
He is right in principal in many cases, however he has absolutely no talent when it comes to voicing that principal. OpenBSD seriously need a PR person that knows how to deal with actual people, you know with a hint of tact, cause he doesnt have any whatsoever.
The phrase "more better" is acceptable English. suck it grammar Nazis
I hope, for the sake of the IT industry, someone can come up with an acceptable solution to the whole issue of open vs closed drivers (including docs). I'm not close to either side (kernel hacker, or HW vendor), so I'm sure I am missing something important. BUT, I don't see the problem. Why don't all HW vendors open source the drivers?
My only guess is competitive advantage. BUT IN THE DRIVERS? The drivers should only provide hooks so the OS can use the HW. If you have secret sauce in the drivers, move them onto the silicon. Need to be able to update the "drivers"? Make it FLASH-able. FLASH too slow at runtime? Drop an SRAM on your board and copy the code from FLASH on boot. I can't believe this would cost that much more, especially since most of this probably applies to graphics cards that initially sell for $300+.
Again, I don't claim to know the real story, but from an average-user point of view, it seems the vendors are being childish, or at least, not creative enough to solve a real problem. Or most likely, they just don't care.
At least MS always has access to all driver sources; and that's the sound of a boat not rocking.
I've bought MANY Hifn projects, because the OpenBSD.org website said that they were good, and sent me to Soekris to get them. I have bought 4 PCI cards, 7 of the mini-PCI cards, and Soekris boards to support the latter. Without Theo's support, I wouldn't have bought those products. If there are a bunch of people like me, then we are a nice group of orders that they shouldn't lose because they can't deal with one rude programmer.
:)
That said, I bought the products because Theo said so... the OpenBSD project doesn't exist, it's a manifestation of Theo, seeing as how donations are a check to Theo...
As brilliant as Theo is, his behavior makes me nervous to trust his organization's software for mission-critical functions. The fact that I might pick up the new OpenBSD CDs, go to upgrade my servers, and "surprise" no drive for you, is NOT an acceptable state of affairs, and that is what I am concerned about.
Alex
Fair enough, Hank. But I reserve the right to not use proprietary crypto code in sensitive applications - which are the only ones that I'd actually buy hardware acceleration for in the first place.
Let's get this straight: there's a world of difference between closed video card drivers and closed crypto drivers. Many of us are squeamish about about the former, so why would you think we'd cheerfully accept the latter? A closed source video driver could potentially crash my non-networked game machine. A closed source encryption accelerator cold potentially open my VPN server to the whole world.
I hope you can appreciate the community's position here, but whether you agree with it or not is immaterial. Should you change your opinion to better mesh with that of your would-be customers, please let us know. Many of us would like to buy your products if they become usable for our applications.
Dewey, what part of this looks like authorities should be involved?
I see that Theo is always the same... Too bad that in many cases Hardware companies do not want to "open" their stuff because that is their competitive advantage (see ATI, NVIDIA, etc).
So, Theo can throw tantrums at Intel (that likely does not own the rights to what he wants in the first place likely being a licensee), and to whoever else he pleases. All that he does is reduce the platform support of OpenBSD because, I can tell you, people are not just going to roll over and do what he wants when their business advantage is on the line.
Please spare me the hippy reply that everything should be public and free. I would like that, but it is simply not part of the reality of this universe. And that won't change because Theo is taking a hammer to his *own* platform support.
Often, there are just no specs.
You only get source code. For Windows, of course.
The humans who wrote the sources may have left the company already...
People speculated that this was also the problem with the "Adaptec-clash". Adaptec was rumoured to simply not have "documents" - just source.
And source is usually only available via NDA....
If that is not the case for Hifn, then I'm sorry - but they do make it hard to believe there are actually sane people working there...
Windows 2000 - from the guys who brought us edlin
Much too long to paste for a slashdot article, but here are the export restriction regulations for encryption hardware and software:
t
http://www.access.gpo.gov/bis/ear/txt/ccl5-pt2.tx
This whole argument revolves around whether the documentation that would help you make the drivers to control this encryption device is software. There is a very strong argument that it is software. There are some strong arguments that it is not. Best to lean on the side of safety, from a legal perspective.
Can't say I blame the company for making a developer who lives in a foreign country (Canada), follow US Custom laws.
...or does Theo come off as a snotty primadona?
He says they want all ten fingers, but they really only want two. And they only want to the first knuckle on those fingers.
Stop acting like they are cutting off body parts.
That's an interesting question. If people will recall, the PGP source code was put into a paper book and published. Explicitly to see if the U.S. Government would try to trump Freedom of the Press with Export Restrictions. The Feds didn't even bother to try.
Of course, this was after Kelly Goen released the source code, by putting PGP up on U.S. servers, and simply announcing where to find it. It was this latter method of release which got Kelly and Phil hauled up in front of the Grand Jury - not any book publications.
So, if Hifn is truly concerned about export restrictions on the data sheets, perhaps they should simply publish them in paperback form, with a binder and get an ISBN number.
I strongly doubt there will be any problems at all.
The best way to predict the future is to create it. - Peter Drucker.
While I agree his language may not make friends, it's his system, his drivers, his sweat., if he wants to call a bunch of weasels with crap products weasels with crap products, who are we to judge?
I say to Theo: "kick **more** ass"
and to hell with detractors, most of whom surely have never installed OpenBSD, let alone taken the extra step to purchase it.
Context is everything in this sort of thing.
You missed one IMPORTANT detail in this- the documentation to drive the chip is NOT covered under Export Regulations.
Only the drivers their OEMS bundle WITH the cards, any technical documentation talking to algos, AND the chip itself
are covered by Export Regulations. They don't have a need to restrict the SDK info for that reason.
Once you understand that, this becomes more of a businessman trying to "protect" purported IP type thing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
yes, exactly. Anyone who wants access to such technical information would have a reason and intellectual curiosity wouldn't be it for very many. Obviously there's a principle at stake here but I don't think that the issue is as simple as that. Theo doesn't want to register and I doubt it's out of fear that the police are going to kick down his door.
of course it does.
Write a driver for a crypto device if you're a bomb designer: suspicious behavior. Write a driver for a crypto device if you're a driver writer and OS publisher: not suspicious at all. It's what they do.
Moderated 'Funny' rather than 'Insightful' or 'the Sad, Sad State of the Interweb'?
Maintaining a registry of citizens in possession of such arms is arguably a violation of the Second Amendment.
Even assuming this is true (which is a pretty big assumption), you may want to take into account that the US is not the rest of the world, and the rest of the world is not the US. Theo is not an American citizen, nor does he live here.
The reason for this is that we are required by the conditions of our US export licenses to know who and where our customers are.
So you can't have reverse DNS lookup or ftp logs of IP addresses?
It is easier for a foreigner to claim they are from the states in the NDA form fields, than proxy into a US box.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I am astounded by the completely idiotic, childish posts here. And so many of them sitting on score 5 Interesting and Insightful. This is why I have since left /. after being here since /. began. Back to mailing lists, where the noise is much lower and morons do not get "points" for being morons.
Theo is pissed off for good reason, OpenBSD is a fantastic OS and the greater OSS community gains from his actions. Get over yourself, please.
I was curious and found that the Firefox extension for http://www.bugmenot.com/ has logins for the site so that you can view the info. You know, I hate forced, "free" logins.
No, he doesn't. /. readers probably have so little practice speaking truth to power that they don't recognize what it looks like when it's laid out before them. The only non-surprise here is that another /. poster is finding a way to criticize those who defend our freedom to share and modify by speaking up and acting out. It's much like the overrated comments on the recent RMS in France thread where RMS was denied an audience with Prime Minister Dominique de Villepin; some posters in that thread chose to focus on RMS' dress, even implicltly supporting RMS' lack of a suit as a valid reason for dismissal rather than point out far more salient (possibly financial) relationships between de Villepin and Bill Gates (or other heads of state who do business with Microsoft and Bill Gates). de Raadt's strident message in this OpenBSD thread is on-topic, on-target, clearly written, precise, and perfectly appropriate. We need more such language in the pursuit of software freedom. I would have hoped that /. readers, being overwhelmingly computer users who probably receive very little respect in their own work regardless of how they dress, would be more inclined to weigh someone's message, not their appearance.
Digital Citizen
*IF* the company's corporation is U.S. based, then nearly all crypto is easily exported these days. Even RSA.
If you make a new cryptographic method in the US, (not PKI/RSA/etc, not AES/DES, not known hashing) then your system will probably require review before export approval. This is not most crypto though.
No, you can't send it to Cuba or other countries declared bad for whatever reason, but you can export crypto from the U.S. to most places in the world easily.
The vendor's spooky "if" scenarios are a pathetic attempt to justify collecting personal information.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
But why would they? The government could gather the data about anyone (from itself), but why should there be a link between Theo and hifn's product, when there are zero legal implications?
As Theo is Canadian, and Canada is a known haven for terrorists, this restriction is perfectly justified. In fact, we sould be looking into every government computer to make sure OpenBSD is NOT installed, because any Canadian connection is a risk to our country.
Theo has been going the rounds with them for some time. I suspect that Hifn has made a recent change (perhaps just to toss him a bone), and that Theo's numbers were previously accurate.
"We think people rightly feel that once they buy something, it stays bought," --Suw Charman, Open Rights Grp
Actually, under ITAR regulations, export is defined as merely passing information to a non-US citizen, even if that person is present in the US and the tech never leaves the US company's premises.
Absolutely!
What's actually funny, is how many people in security sensitive environments rely on those closed-source video drivers. Even if the machine isn't networked, a rogue driver could still hook into crypto libraries and add keys of their own while encrypting files... et voila: a nice backdoor in files you thought would be secure!
cpghost at Cordula's Web.
I do agree with Theo that if the information is not free, then vendors should not expect OS writers to bend their principles to include it. On the flip-side, I don't want OpenBSD (or any other free OS) to be impacted by stupidity on the part of vendors if there's anything I can do to help.
My only question of Theo and the OpenBSD folks is: Is there anything that those of us who reject Hifn's arguments as absurd and contrary to accepted practices can do to help? (Well, besides not supporting Hifn in any way.)
This is clearly a case where differences in any other opinion should be irrelevent. Theo deserves support on this. Open Source in general deserves support on this.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I don't think deRaadt screamed anything, and I don't think that my words (however kind or rude you perceive them to be) prove anything about his demeanor. I'm not him and I don't speak for him. However, I do believe that you're reading something into his words that is far more harshly spoken (or written, as this case is) than they really were.
The reason why Hifn chose to do worse than this 5 years ago (no access) eludes me as does the rationale behind their current campaign to collect personal data on implementors starting 2 years ago. I have no specific evidence of what Hifn seeks to gain by making these choices. I don't follow the OpenBSD lists closely, but it seems to me that neither of these Hifn policy changes were in any way provoked by OpenBSD developers; as far as I can tell, this brouhaha began sometime this year. So I don't think that it is OpenBSD's work or statements that have anything to do with Hifn's choices to grant (8 years ago), restrict (5 years ago), or mediate (2 years ago) access to their docs.
And as for dealing with OpenBSD, I don't think Hifn needs to do that at all—again, 8 years ago Hifn just made docs available to the world implicitly saying "Add support for our hardware to your software". I have no evidence of contact between Hifn and OpenBSD until recently after Hifn twice changed their docs policy. If Hifn simply goes back to how they used to do business 8 years ago, OpenBSD will be satisfied and the two organizations need never speak again. Hifn can continue to believe anything they want about OpenBSD's devs and enjoy the fruits of OpenBSD's free (in both senses) support where OpenBSD users demand that their machines carry Hifn-brand encryption hardware. But for all I know, Hifn has enough money sitting around where they can afford to choose to cut off their clients' access to tech specs out of spite. Hifn's here-and-gone-again docs support alone make me think that they're not too stable and one should be cautious before dealing with them. They should have more deeply considered this 5 years ago when they cut off all docs access; reopening docs access will make the organization seem uncertain.
There's something else going on with this story, and it's not explained by saying de Raadt was rude.
Digital Citizen
The contention is that somehow by providing Name/Addy/Phone in order to download a datasheet, someone is "risking personal information" that might gain them the scrutiny of some nefarious government entity. But somehow the same person, for whom the same information is trivial to find (by, presumedly, the same nefarious people), writing a device driver and publishing it, is somehow less likely to be flagged as suspicious. It's a rubbish argument.
Evil Agent X: Look...some guy named Theo registered to download some crypto info. We better keep an eye on him. Evil Agent Y: Hmm...funny, I did a google search and some guy named Theo wrote a device driver for that same chip a couple of years ago. Evil Agent X: Yeah, but he didn't register, so he can't be much of a threat. Besides, all we have is his email address, full name, that he lives in Canada, pictures of him on his web site, his actual street address on his web site, oceans of email records...it's not like we could track him down or watch him or anything. Just forget about him....it's this Theo that filled out the form that we need to worry about.
That isn't disparagement. It is the honest truth. And exactly why we need them.
email address: randomstring@mailinator.com
Cookies enabled, javascript disabled
No other answers filled in
submit
password received at www.mailinator.com (cookies disabled, javascript disabled)
downloaded documents.
Is that it??
to all of those who are posting the same old bullshit "his attitude isn't making things better" or "do you really think vendors will listen to someone who publicly lambasts them?"
shut the fuck up
it does work and it has worked. and no, i won't do your work for you, go research it for yourself
what is the rest of the OSS "community" (although it hardly acts like a community) doing to help in these situations? absolutely nothing
vodka, straight up, thank you!
One resource that ATI doesn't have enough of is time. They don't have a lot of manpower dedicated to the Linux drivers so there's less effort put into fixing things like this- they're worrying more about piling new exposed features (which is also desired as well...). If there were open source drivers, there'd be a good chance someone like myself would fix the problem in question (I can do this sort of thing, I used to work on the FIRST set of open source Accelerated Drivers (Utah-GLX), which is why I've got a G3 Mac given me by John Carmack (Still in my possession), I've loads of acquaintances from out of Loki Games, and I'm doing work for Linux Game Publishing.)- because I've the skills and I have the time and desire to see it fixed- and the only reason why I've time is that it's a blocker for me to use this laptop I'm posting with as a development machine.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Or maybe you name, addy and phone just aren't that "private". It's not like it's that easy to look up public information about someone . But hey, it's tough to work up that "irony" tag when there's nothing ironic...
This is very true, you must listen to what Mr. AC here is saying. If we allow Canadian operating systems to flourish, we're going to start seeing system calls like moose() and poutine(). The horror!
Virtually all of my limited number of postings to Slashdot say roughly the same thing: Follow the money. HiFn do not care about being deleted from the BSD source tree, and they certainly do not care about placating Theo. If BSD support were critical for them, they would be writing their own drivers and supplying them to their customers. (N.B. I used to be in the fabless semiconductor biz, and we did exactly this).
There is some confusion about Theo's reason for taking issue with Hifn's policy. Some have interpretted his stance as being that the documentation is not free because you have to provide personal information before receiving documentation - in essence, that personal information is a type of currency that you use to pay for the documentation.
While this is a valid reason, this is not Theo's reason. Theo has stated that he doesn't like the fact that you provide personal information and Hifn uses that info to decide if they will provide the documentation. In essence, not everyone is free to access the documentation, only those who Hifn deem to be worthy. Theo is taking a far more noble stand than most people think.
I myself, as an OpenBSD user, am taking the stand that as a consumer I should have a reasonable right to expect that security products are fully and openly audited. If Hifn holds the power to deny documentation then they have the ability to prevent their products from being openly audited.
In any case, it just goes to show that this is an important problem which is not as simple as it first seems. Theo is not merely being a whiny shit, as some have posted. He has been dealing with this company's trickery for years and he has finally had enough. Good for him, I say.
And good for us, as well!
I think many are just going off subject and forget all that Theo have done including providing all of us with OpenSSH use by almost every company other there!
1 4832209207203&w=2
However, nothing more is asked then getting free spec to write proper driver for Hifn hardware at no cost to them and helping them in the process.
Mr Cohen should simply do what he is asking others to do. Nothign more and nothing less.
In case you don't don't and sadly you don't.
He sure is looking at OpenBSD closely and even asked them to provide documentations freely, so why doesn't he extend the same then:
http://marc.theaimsgroup.com/?l=openssl-users&m=1
See for yourself.
Take all and give nothing.
Is that what you really want to promote here.
Get off Theo's back and sned your vitriol where it goes and get your facts first!
If you've got one developer dedicated to the work, what do you have him working on?
/proc filesystem, figured out the bus memory
1) Adding OpenGL 2.0 features (including things like GLSL)- which are sought after but not all 100% done...
2) Fixing an obscure performance problem with the middle of the line Laptop GPUs...
If I were the manager, it'd be #1 that'd get done first- period. How many people do they have there
at ATI doing the Linux stuff? A couple at least- things are shaping up quite nicely as the
drivers have stabilized and while they're not QUITE performant on Linux as they are under Windows.
They still DO have issues lurking in the woodwork- things that DO take time to sort out. If you've
got only a couple (i.e. 2-4 or so) what all do you do to ensure conformance on the BROAD line of
GPUs that they have to support under Linux?
Basically, it's NOT as simple as you'd think- and it's not anywhere as easy as many make it out
to be. It's not simple doing code that doesn't stall the pipelines on a GPU or something
like an iWARP card (Current contract work for moi- trying to drive a certain vendor's iWARP card
to full wireline speeds (10Gbps, here I come!)...)- not everyone can code for it. ATI and
NVidia's right in that it's not a simple thing to code for a GPU's drivers. What they're not
right in is that they're the sole source for this sort of capability in programming on their
chipsets- after all, where did they get their developers in the first place?
More eyes always works better than less of them. More minds working on a problem will invariably
produce results not always envisioned by the original designers. John Carmack, for example,
came up with a clever (but rather evil) hack that allowed the RagePRO UtahGLX support not need
DMA allocated memory, special allocations of RAM, etc.- it just simply started up, allocated
it's driver buffers and then using a feature of the
addresses for the memory just allocated so you could hand it to the chip. No kernel space driver
needed- only root privs which the X server had at the time. Had it been closed technical info,
it probably would have never happened as a supported chipset.
I steadfastly hold to the principle that an SDK interface is an API on the silicon itself and
you shouldn't be hiding things or worrying about "tipping your hat" on things patentable. APIs
are supposed be available in some fasion. I would have problems with requiring
that someone register for the info- but I'd have less of a problem with that than the current
state of affairs. Interested parties would be able to at least do the things I've implied
in this conversation.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
For all that people accuse Theo de Raadt of being abrasive, singleminded, and ideological, we NEED people like him. It's the de Raadts and the Stallmans, the ones who refuse to back down in the face of corporate and (soon) government pressure, who make the open source movement possible. I think this very same bloody-minded stubbornness is one of the most important things he brings to the table. I admire his convictions and worry about his blood pressure. Theo, if you're reading this: don't give up!
~Eien no Inori wo Sasagete~ Searching for my Hatsumi...