Hifn Restricts Crypto Docs, OpenBSD Opens Fire

Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."

Personal Info == Legal Tender

[TripMaster+Monkey]

From Theo's response:

"50 personal questions" is not open access. Please don't lie about it.

Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.

Theo also addreses something many of us here are worried about:

>Registration at our extranet is required along with an email address
>that can be confirmed. We cannot support anonymous FTP or http
>downloads. The reason for this is that we are required by the
>conditions of our US export licenses to know who and where our customers
>are. If anyone objects to registration then we could not sell them
>chips anyway so it does not seem an unreasonable restriction to us.

So the personal information you ask for in the registration process
will be given to the US government if they ask? Without court
documents demanding the information?

Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.

Theo sums his entire argument up beautifully here:

We are not your customers. YOU ARE OUR CUSTOMER. Our driver sells
your chips.

I know that our hifn driver has some problems. But because I cannot
get data sheets without giving you private information, I will not
spend even one moment more of my time to improve support for your
products. Jason and I spent a lot of time writing that code in the
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products.

Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.

And finally from Theo's response:

And if you continue baiting me, I will delete the driver from our
source tree.

I stand by my statement that HIFN is not open.

Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.

Would that not be...

[Phil+John]

Would that not be on documentation that explained exactly how the chip worked and not just how to send and receive bits from it?

If this is the case with HIFN, why do some other hardare companies in the same field not have the same restrictions?

There was a good comment made later in the thread:

Perhaps you can talk to your legal counsel and actually break out the documentation needed for these open source drivers into a separate and truly open to the "general public" anonymous download site. I doubt that the documentation that is being requested by developers is putting you in violation of US Export Regulations
....snip....
I understand it's very easy these days for attorneys to just say put everything behind your registration only access extranet to be safe. This is not acceptable and, in my opinion, is not open to the general public like you stated.

That sums up my thoughts much more succinctly.

Re:Theo

[ScouseMouse]

The fact that he *does* stick to his principles despite people telling him just how out dated and un-capitalist he is, is the reason i *do* use open source.

The problem is that Manufacturers seem to have the idea that they can dictate terms to the people who produce software to run on their hardware. Unfortunately, In the majority of cases, that appears to actually be the case.

The insulting thing in the original email was that he should be expected to comprimise his principles to support other people's profit, and as he is *not* being paid by Hifn, I personally see that it is well within his rights to not support the hardware in question.

Perhaps if you went up to some Civil rights protestor in the 1960's and said that this entire equality thing was a bit silly, and they should just accept these limitations, because its convenient for the asker, you may get a similar response.

Yes, i know this is a bit contrived, however, its worth noting that there are people who consider this sort of thing a matter of Civil rights. The right to be able to do whatever you want with the electronics in your computer, as opposed to what someone you have never met tells you.

Some people do consider this sort of thing a huge insult, and if putting it in plain language offends you enough that you dont use open source software, then i feel sorry for you. Your missing out on a lot of great software written by people who love what they do, however thats your choice.

Re:Go Theo-Batter up.

[Svartalf]

It's the most security oriented. Funny...a crypto chip vendor spurning the most security oriented
OS developers' desires for unfettered acces, etc. No personal info should need to be given to a
vendor unless he's entering into a sales relationship with them. Honestly- too much risk of Identity
Theft through this sort of thing.

Seriously, I'd have to agree with him on this one- and I'm from the Linux camp and would be driving
sales into that segment very shortly. I'd be making a big stink about it too. And what's sad about
all these vendors is that they're doing nothing but pissing off the people that'd be helping them
sell chips.

In reality, the vendors are doing this because idiot IP lawyers tell them to do so. There should
be no IP revealed in the systems interfaces to a device. It should be the silicon equivalent to
an API. If there is IP honestly revealed, then you've got something new, and the patent itself
should be sufficient to protect it. If you're trying to hide a design flaw by not revealing info-
don't. You should design devices with interfaces that make sense and are system safe or can be made
so with the right device driver code.

Keeping it secretive helps nobody in reality. For example, ATI's drivers work adequately on the
desktop space but are less performant on at least part of the laptop line under Linux- because of
a design/coding flaw in the closed source drivers. I can't reccomend anyone get a laptop with an
ATI based display because they just don't seem to work as well. If someone had source code and
technical data access they could most likely fix the problems in question- unless the chip had a
design hickey. Even then, unless it's something that would compromise security, it should be
able to be coded around- Windows drivers can do Sideport memory correctly, why can't the Linux
support do the same thing?

At any rate, I believe I've drifted from the conversation... Yes Theo's got a niche play- but
in the segment that Hifn's in, it's an important one all the same.

Re:Theo

[the_B0fh]

Has any one who badmouths Theo actually tried to talk to him? I've communicated with him without any issues. Just because a person has principles, and stands up for those principles, loudly, doesn't mean he is an asshole.

Looking at the NetBSD issue, Theo was bitching about developers who kept introducing security holes - I dunno about you, but I'd bitch slap people who keep introducing security holes too, else you end up with something like Windows.