Slashdot Mirror
Hifn Restricts Crypto Docs, OpenBSD Opens Fire
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
This should get really interesting.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
...I count 12 required fields where you have to enter data.
Is this worth throwing a hissy fit over? Once one person downloads the docs, they can distribute them.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Oi, Theo! I agree with you 100%, but please, tone down the virtiol just a smidge! From TFA:
Calling their products "crummy" and threatening them with driver deletion if they don't stop "baiting" you is not a way to get what you want. Now it means some egomaniacal manager has to eat crow for the driver to go public. I was in 100% agreement with your post until I got to this point.
Sometimes, I wish someone would just slip some sort of tranquilizer in the water supply near Alberta...
That's a typical OpenBSD discussion, in which Theo DeRaadt
i) is basically right
ii) still manages to sound like spoiled whiny tosser in the process.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
From Theo's response:
Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.
Theo also addreses something many of us here are worried about:
Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.
Theo sums his entire argument up beautifully here:
Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.
And finally from Theo's response:
Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.
____
~ |rip/\/\aster /\/\onkey
With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.
If he objects to providing that information, he can say so, but this sort of easily-refuted hyperbole doesn't help.
How would this violate US Export Licences???
Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???
This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here.
Meta will eat itself
Would that not be on documentation that explained exactly how the chip worked and not just how to send and receive bits from it?
If this is the case with HIFN, why do some other hardare companies in the same field not have the same restrictions?
There was a good comment made later in the thread:
Perhaps you can talk to your legal counsel and actually break out the documentation needed for these open source drivers into a separate and truly open to the "general public" anonymous download site. I doubt that the documentation that is being requested by developers is putting you in violation of US Export Regulations
....snip....
I understand it's very easy these days for attorneys to just say put everything behind your registration only access extranet to be safe. This is not acceptable and, in my opinion, is not open to the general public like you stated.
That sums up my thoughts much more succinctly.
I am NaN
While I whole-heartedly agree with the point Theo was making in his article, I can't help but think that engaging in hyperbole (50 questions? ~25 is accurate) and verbally abusing and threatening the vendor is going to help in any way.
You know what, if you'd wanted this 15 years ago, you would have phoned them up, given them the EXACT SAME INFO THEY'RE ASKING FOR on their web site, and they would have mailed it to you.
And a sales-person might have called to see if you wanted to buy some chips.
Theo's "50 questions" is email, name, company name, title, address, phone number, and "what is your project? What is your role? When do you want to buy some chips?" How about a little reality here. Theo does some great stuff, but that doesn't mean he gets to bend how the world works to his will.
Just like the "I don't get any donations" rant from him a bit ago, he just doesn't seem to be well grounded in business realities. If you want donations, you need a tax-exempt foundation, not "make checks out to Theo." If you want data sheets, you might have to tell the company who you are and why you want them.
The preferred solution is to not have a problem.
"Jason and I spent a lot of time writing that code in the
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products."
Sales?
Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.
If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.
When companies impose weird intellectual property restrictions on their data sheets, then I'm all for making the process of getting the data sheets as cumbersome as possible--that way, FOSS developers will at least become aware that there is something funny going on.
Some other vendors hide a restrictive license ("if you look at this, we own stuff you do with it") somewhere in the documentation or behind a "Read This License" link, but people who look at the documentation never notice.
I like Theo. The more of his statements I read, the more I appreciate his no compromise, take no prisoners approach.
= signupapp or just part of it? That part about the NDA bothers me.....
50 personal questions sounds way beyond overkill. I've downloaded plenty of export controlled software, with merely a few questions.
My guess is, Hifn like many other companies, gives everything to their sales folks, or worse, resells it. Can you blame Theo for taking offense, when they want 50 personal questions answered?
BTW, is this the signup? http://extranet.hifn.com/home/anonymous/?workflow
Does anyone know what they were besides what's on the first sign up page?
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
... and lately the only OS focussing on fais seems to be openBSD. Thanks for fighting for OUR long term freedom again Theo.(Also a thank you to RMS). The one PC I have left at home runs OpenBSD and i BUY every new release.
Kudos to Theo and the openBSD team
J.
I have signed up, the confirmation arrived within seconds and on the welcome is a message it may take several hours for a sysadmin to allow access - but no, I'm downloading PDF's straight away so it must be automated.
It's just marketing; but Theo is right about that not being completely free, as in free speech.
The article mentions "liberalisation", it seems that they're leaning to the left, but they're not actually left in their ideas and business model. Dump the driver.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
Everybody seems to be sidestepping the main issue.
The real question that should be answered is whether hifn are indeed required by law to ask personal information of the people downloading documentation, as hifn claims they are.
If they are, than hifn simply cannot comply with OpenBSD's demands without breaking U.S. law.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Such kernels developers feedback are very precious and insightful for us, customers. It's not only a matter of freedom an principles, it's about quality.
Be sure that - whatever the OS you use, being Linux, OpenBSD or FreeBSD -, when a vendor behaves that bad and is so reluctant in providing open access to documentation, you won't have a good driver nor a good support.
Those vendors behaviours are usually symptoms of a "closed" attitude, secrecy centerd, so even when we accept NDA, we can't expect them to disclose the whole needed informations (like, say, all firmwares versions bugs that needs a workaround in drivers level, know bad behaviour of their chipsets etc). This attitude will also discourage some knowledgeable developers to help to improve the driver, to fix bugs etc. Requiring NDA will prevent OSS kernel developers to share sensitive informations regarding their experience with the device (between OS, and even sometime inside the same kernel dev team).
So for now, if you need a stable encryption accelerator device, consider choosing an other vendor. Look out for Via C3, or SafeNet (and even some Broadcom) chipsets: those vendors plays the game well, don't seat on their customers (we) and the developers needs. They don't even hide behind a "U.S. export laws restrictions" argument, and didn't faced trials, proving the hypocrisy of HiFn assertions.
I'm willing to bet that there's a limit to what you can export, even in book form. Going to extremes, if I tried to export plans for the W80 nuclear warhead in book form (or print it on a T-shirt), I'd guess not only would export of that book be banned, but I'd be taking a nice long vacation at Club Fed..
Facts do not cease to exist because they are ignored. - Aldous Huxley
It's the most security oriented. Funny...a crypto chip vendor spurning the most security oriented
OS developers' desires for unfettered acces, etc. No personal info should need to be given to a
vendor unless he's entering into a sales relationship with them. Honestly- too much risk of Identity
Theft through this sort of thing.
Seriously, I'd have to agree with him on this one- and I'm from the Linux camp and would be driving
sales into that segment very shortly. I'd be making a big stink about it too. And what's sad about
all these vendors is that they're doing nothing but pissing off the people that'd be helping them
sell chips.
In reality, the vendors are doing this because idiot IP lawyers tell them to do so. There should
be no IP revealed in the systems interfaces to a device. It should be the silicon equivalent to
an API. If there is IP honestly revealed, then you've got something new, and the patent itself
should be sufficient to protect it. If you're trying to hide a design flaw by not revealing info-
don't. You should design devices with interfaces that make sense and are system safe or can be made
so with the right device driver code.
Keeping it secretive helps nobody in reality. For example, ATI's drivers work adequately on the
desktop space but are less performant on at least part of the laptop line under Linux- because of
a design/coding flaw in the closed source drivers. I can't reccomend anyone get a laptop with an
ATI based display because they just don't seem to work as well. If someone had source code and
technical data access they could most likely fix the problems in question- unless the chip had a
design hickey. Even then, unless it's something that would compromise security, it should be
able to be coded around- Windows drivers can do Sideport memory correctly, why can't the Linux
support do the same thing?
At any rate, I believe I've drifted from the conversation... Yes Theo's got a niche play- but
in the segment that Hifn's in, it's an important one all the same.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Just give bogus information.
Everybody does!
in a form that will be made public. They need a PR person.
He is right in principal in many cases, however he has absolutely no talent when it comes to voicing that principal. OpenBSD seriously need a PR person that knows how to deal with actual people, you know with a hint of tact, cause he doesnt have any whatsoever.
The phrase "more better" is acceptable English. suck it grammar Nazis
Fair enough, Hank. But I reserve the right to not use proprietary crypto code in sensitive applications - which are the only ones that I'd actually buy hardware acceleration for in the first place.
Let's get this straight: there's a world of difference between closed video card drivers and closed crypto drivers. Many of us are squeamish about about the former, so why would you think we'd cheerfully accept the latter? A closed source video driver could potentially crash my non-networked game machine. A closed source encryption accelerator cold potentially open my VPN server to the whole world.
I hope you can appreciate the community's position here, but whether you agree with it or not is immaterial. Should you change your opinion to better mesh with that of your would-be customers, please let us know. Many of us would like to buy your products if they become usable for our applications.
Dewey, what part of this looks like authorities should be involved?
If I have the choice, I run OpenBSD on servers because when it fits, it fits like a glove. If Theo acts like everyone else and just rolls over when a suit tells him no, OpenBSD would be just like every other Linux/BSD distro. This sort of attention to details (in both software and licenses) makes OpenBSD distictive. In marketing-speak, this is called 'developing a niche'. Within its niche, OpenBSD has no equal. If it looses its niche, then it will loose its market share. So I think the best thing Theo can do is to be Theo.
Think global, act loco
While I agree his language may not make friends, it's his system, his drivers, his sweat., if he wants to call a bunch of weasels with crap products weasels with crap products, who are we to judge?
I say to Theo: "kick **more** ass"
and to hell with detractors, most of whom surely have never installed OpenBSD, let alone taken the extra step to purchase it.
Context is everything in this sort of thing.
You missed one IMPORTANT detail in this- the documentation to drive the chip is NOT covered under Export Regulations.
Only the drivers their OEMS bundle WITH the cards, any technical documentation talking to algos, AND the chip itself
are covered by Export Regulations. They don't have a need to restrict the SDK info for that reason.
Once you understand that, this becomes more of a businessman trying to "protect" purported IP type thing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I was curious and found that the Firefox extension for http://www.bugmenot.com/ has logins for the site so that you can view the info. You know, I hate forced, "free" logins.
No, he doesn't. /. readers probably have so little practice speaking truth to power that they don't recognize what it looks like when it's laid out before them. The only non-surprise here is that another /. poster is finding a way to criticize those who defend our freedom to share and modify by speaking up and acting out. It's much like the overrated comments on the recent RMS in France thread where RMS was denied an audience with Prime Minister Dominique de Villepin; some posters in that thread chose to focus on RMS' dress, even implicltly supporting RMS' lack of a suit as a valid reason for dismissal rather than point out far more salient (possibly financial) relationships between de Villepin and Bill Gates (or other heads of state who do business with Microsoft and Bill Gates). de Raadt's strident message in this OpenBSD thread is on-topic, on-target, clearly written, precise, and perfectly appropriate. We need more such language in the pursuit of software freedom. I would have hoped that /. readers, being overwhelmingly computer users who probably receive very little respect in their own work regardless of how they dress, would be more inclined to weigh someone's message, not their appearance.
Digital Citizen
*IF* the company's corporation is U.S. based, then nearly all crypto is easily exported these days. Even RSA.
If you make a new cryptographic method in the US, (not PKI/RSA/etc, not AES/DES, not known hashing) then your system will probably require review before export approval. This is not most crypto though.
No, you can't send it to Cuba or other countries declared bad for whatever reason, but you can export crypto from the U.S. to most places in the world easily.
The vendor's spooky "if" scenarios are a pathetic attempt to justify collecting personal information.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Do you honestly believe personal achievement gives a person license to be petty and immature, or are you just baiting me?
I'm not baiting you. I'm just stating that if someone does more than the average person is willing or able to do he can go crow about it a bit.
As in... If a scientist cured AIDs or cancer tomorrow, he can kick a puppy or two and we should be able to look past that.
This is of course relative to your position on absolute and relative morality, but if someone does something for me out of his own free will and effor (and it benefits me greatly), he can be as a big of an immature ass as he wants and I'll gladly ignore it and enjoy his product.
However, if you haven't done anything to improve our well being and just complain about others being improper and immature brats... I'm sort of hard pressed to agree with you if that immature brat has done work that has helped many of us as a whole.
Personally, I would like mature, polite, and altruistic people making software for me (and does it out of the kindness of their heart and not a bullshit sales talk to take my money) over an immature one, but sometimes we have to deal with the fact those people don't exist as often as we would like...
I'd like to be proven wrong because that would we live in a better world than I think we do.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Well, we all have our limits. Some people worry, and justifiably so, that their BIOS isn't open. I'm somewhere in the middle in that I use the proprietary NVidia drivers, even though I don't like it. I'd think that everyone, though, would agree that the crypto engine is the absolute last thing you want to cede control of.
Dewey, what part of this looks like authorities should be involved?
I do agree with Theo that if the information is not free, then vendors should not expect OS writers to bend their principles to include it. On the flip-side, I don't want OpenBSD (or any other free OS) to be impacted by stupidity on the part of vendors if there's anything I can do to help.
My only question of Theo and the OpenBSD folks is: Is there anything that those of us who reject Hifn's arguments as absurd and contrary to accepted practices can do to help? (Well, besides not supporting Hifn in any way.)
This is clearly a case where differences in any other opinion should be irrelevent. Theo deserves support on this. Open Source in general deserves support on this.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
And if you had read the threads here you'd notice a lot of people care if OpenBSD supports something, people who don't even use OpenBSD check to see if it supports a particular device prior to purchase, since OpenBSD has a very strong stance on free and open , one significantly stronger than the likes of your average Linux project and decidedly stronger than the other BSDs.
You may also have noticed how many people point out that when you are dealing with cryptography or security, you deal with OpenBSD. Hifn's cards are used in several places, but notably in the security field, where OpenBSD lives. OpenBSD users are the target demographic for crypto acceleration cards.
Theo isn't the idiot here, as Hifn obviously cares, they cared enough to talk to the misc@ mailing list and try to get people on their side.
I admit I would rather someone of Theo's importance use a little more diplomatic speach, but I don't bother myself, so why should I hold him to a higher standard than I hold myself?
I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
One resource that ATI doesn't have enough of is time. They don't have a lot of manpower dedicated to the Linux drivers so there's less effort put into fixing things like this- they're worrying more about piling new exposed features (which is also desired as well...). If there were open source drivers, there'd be a good chance someone like myself would fix the problem in question (I can do this sort of thing, I used to work on the FIRST set of open source Accelerated Drivers (Utah-GLX), which is why I've got a G3 Mac given me by John Carmack (Still in my possession), I've loads of acquaintances from out of Loki Games, and I'm doing work for Linux Game Publishing.)- because I've the skills and I have the time and desire to see it fixed- and the only reason why I've time is that it's a blocker for me to use this laptop I'm posting with as a development machine.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
> But guys like Theo are our public face. What's wrong with that picture?
Nothing.
Change is certain; progress is not obligatory.
Is Hifn's hardware supported in Linux?
Not in the kernel tree, but there is a third-party driver available. My understanding from associates who work with the Linux version is it isn't as feature-rich as the OpenBSD driver, and those who develop on it are also frustrated by Hifn's new policies.
What percentage of their customers rely on OpenBSD support? Who are they more loyal to, Hifn for the hardware or OpenBSD for the OS?
As someone who works for a place that uses crypto cards, I can tell you: we are more bound to the OS than the crypto hardware. There's a lot of different crypto hardware on the market, but if you want to do any kind of hardcore embedded systems development using a POSIX API, there aren't a lot of choices out there.
For all that people accuse Theo de Raadt of being abrasive, singleminded, and ideological, we NEED people like him. It's the de Raadts and the Stallmans, the ones who refuse to back down in the face of corporate and (soon) government pressure, who make the open source movement possible. I think this very same bloody-minded stubbornness is one of the most important things he brings to the table. I admire his convictions and worry about his blood pressure. Theo, if you're reading this: don't give up!
~Eien no Inori wo Sasagete~ Searching for my Hatsumi...