Sorry, you are sorely mistaken. Please see my letter at The OpenBSD Journal. I hope you are simply misinformed on the issues. A real effort was made to contact and communicate with the registrant of openssh.org, but no progress was forthcoming. It was with great dismay that the tactic that has been taken was taken. Please do not suggest otherwise. Thanks.
I have a log file from a chat sesssion starting '10/24/99 5:27am' and ending '10/28/99 6:18pm'. Within this chat session I pasted the following:
<fries> Whois Search Results <fries> Search again: <fries> Whois Server Version 1.1 <fries> Domain Name: OPENSSH.ORG <fries> Registrar: NETWORK SOLUTIONS, INC. <fries> Whois Server: rs.internic.net <fries> Referral URL: www.networksolutions.com <fries> Name Server: NS2.KYARITSU.COM <fries> Name Server: NS1.KYARITSU.COM
So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this person registered the domain 9 days before I registered OpenSSH.com...
Domain Name: OPENSSH.COM Registrar: CORE INTERNET COUNCIL OF REGISTRARS Whois Server: whois.corenic.net Referral URL: www.corenic.net Name Server: CVS.OPENBSD.ORG Name Server: NS0.FRIES.NET Name Server: ZEUS.THEOS.COM Updated Date: 25-oct-1999
Domain Name: OPENSSH.ORG Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: www.networksolutions.com Name Server: NS2.KYARITSU.COM Name Server: NS1.KYARITSU.COM Updated Date: 15-oct-1999
Please get your facts straight before suggesting that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so..
BTW, just because the person who contributed the registration money is in Peoria, IL, that does not by any means suggest the project iself is located here.
Right on! Not to mention the fact that if you read the OpenSSH.ORg web page you will note that it states 'free ssh implementations go to www.freessh.org' and stating "OpenBSD' OpenSSH implementation goto www.openssh.com"
.... now you tell me.. what is that implying to you? Ironically, the most freely available OpenSSH license can be found at www.OpenSSH.com.
Can someone explain to me this doesn't mean what it implies?
Interesting concept. Did you even bother to suggest that the web page be changed before you started openly flaming a volunteer effort here?
Here's a thought for you. Most of your networking package, daemons, standard rpc and telnet and ftp and etc came originally from... bsd!
So do you condone the BSD world for not supporting Linux in their source trees? What on earth would ever entice them to do so?
If you consider it 'not nice' to provide a link to an existing usage of the OpenSSH program, what do you expect to happen from your statements? I daresay that any contribution to the source will be credited in the commit message, the typical way of giving credit in any BSD project. If no contribution from that Linux port was given back, why should you be complaining?
As for the suggestion that pam is a unix standard, well, as far as I'm concerned it is typical of 'blind and free' software advocates views. Have you ever looked at the pam sourcecode? It is a mess. A hideous mess. On top of that it is hard to figure out and even harder to implement a new module. And you TRUST this convoluted mess as your authentication standard? Any clues as to why BSD has chosen to use the 'true' unix standard POSIX libc functions as their 'standard' authentication library?
Since OpenBSD is the only distribution I know of that has the ability to ship with a package in the core os that is encrypted like it is, why the problem with the fact that you have to download and do your own custom patch each time you want to update the OpenSSH you have? BSD has been doing this for years with a system called 'ports'. 'make install' in the proper directory, and files download themselves, patches apply themselves, source builds itself, and without further interaction the package has been upgraded. It's not a new concept is my point, and I don't understand how you can suggest it is worse than trivial to accomplish.
If OpenSSH hosts any packages, and they refused your particular author's package, that would be one thing. But do you see a 'list of downloadable packages' on the web site? I don't. I see a reference to where the source is and the first os that is going to ship with the software, as well as a reference to every other os that has implemented packages of the software. How in this planet can that be anything but fair?
If anyone wishes to contribute and improve the OpenSSH that is freely available, without tainting its freely available license, I cannot imagine it would be unwelcomed. This implies implicit activity on the behalf of the contributor, not on the OpenSSH development team whos jobs are not defined as 'go digging through all packages created from OpenSSH to detect any potentials for contribution'..
As for the complaint about being BSD oriented, well, apparently that is not something that cannot be overcome, it works fine in Linux as many fine individuals will attest, and it may even suggest more secure ways of programming (mkstemp anyone?).
Lastly, I suggest you get yourself an attitude check. You do the free community a dis-service by dissing some very hard working developers who have provided you with a freely available product. Guess what freel avilable means? If you don't like it, you have the source. It does not mean if you don't like it you have a right to complain until things go your way. You could always grab yourself a copy of OpenBSD, pay secnet.net for support, and whine at them waving your money till you are satisfied, but I doubt your money is where your mouth is.
re psst.. I'm sure any contributions from psst would be welcomed, and I'm sure psst can read the license and note they're welcomed to any code in the OpenSSH tree, but a merger I doubt would occur, considering the different audiences each is addressing.
re sshv2 protocol, it is a freely available spec, and as such, has potential to be implemented in OpenSSH (although has not yet been done). The initial thrust of OpenSSH was to have something equivalant to and compatible with ssh-1.2.x in OpenBSD 2.6, and that has certainly been accomplished. It is certianly not illegal to implement it in a free product; that the commercal 'ssh2' program costs something is the company charging for their programmers, not the protocol.
While the incident with 1.2.27's security bug doesn't necessarily suggest OpenSSH is more secure in general, it does seem interesting to note that in the code cleanup of creating OpenSSH, the bug was accidentally fixed. Hats off to the programmers who have a high enough standard of coding that they accidentally fix bugs:-)
ClosedSSH has superior algorithms? I implore you to back your statement with facts. Last I checked, the algorithms available in OpenSSH are limited to those in the crypto library, and there may be less algorithms in OpenSSH than ClosedSSH because of this, but why include the insecure ones?
Beware of two things. First, I'm not a lawyer. Second, I believe my understanding of the crypto laws suggests if you compile it outside the us, you can use it outside the us, if you compile it inside the us you can't ship it outside the us, and if you use it in the us, you can't use an alternative to rsa's library if you wish to use that particular algorithm, which at this time requires commercial entities to talk to rsa for licenses. I think. Someone maybe should confirm this though.
Read the man page for logging in from a particular ip without a password. Look for.shosts.
Broadband wireless? I thought that is what www.teledesic.com was doing. Oh wait, its founders include Bill Gates. Eeek. Nice interesting technology outside that fact, however.
Interesting. Might you be from theos-software.com?
Explain who in their right mind, having purchased something with full intentions of using it for their own purposes, would want to give it back for a measley amount of money?
Last I checked, you bought it, it was yours. Do people come and demand that you sell them your license plates because it happens to be something they want? Comeon, get real, get a life.
Giving 'theos-software.com' a break means that ownership means nothing, and the first come first serve legacy of domain names is to be forever lost to the greed of an individual or company that says 'gimme'.
There's a behavior children embark upon that resembles this. It's called bullying and being mean and being jealous and doing anything to get what the other guy's got no matter how many dirty tricks must be played to get it.
Wow, theos-software.com lawyers must cherish childhood!
Slashdot Mirror
Sorry, you are sorely mistaken. Please see my letter at The OpenBSD Journal. I hope you are simply misinformed on the issues. A real effort was made to contact and communicate with the registrant of openssh.org, but no progress was forthcoming. It was with great dismay that the tactic that has been taken was taken. Please do not suggest otherwise. Thanks.
I have a log file from a chat sesssion starting
...
'10/24/99 5:27am' and ending '10/28/99 6:18pm'.
Within this chat session I pasted the following:
<fries> Whois Search Results
<fries> Search again:
<fries> Whois Server Version 1.1
<fries> Domain Name: OPENSSH.ORG
<fries> Registrar: NETWORK SOLUTIONS, INC.
<fries> Whois Server: rs.internic.net
<fries> Referral URL: www.networksolutions.com
<fries> Name Server: NS2.KYARITSU.COM
<fries> Name Server: NS1.KYARITSU.COM
So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this
person registered the domain 9 days before I registered OpenSSH.com
Domain Name: OPENSSH.COM
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Name Server: CVS.OPENBSD.ORG
Name Server: NS0.FRIES.NET
Name Server: ZEUS.THEOS.COM
Updated Date: 25-oct-1999
Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999
Please get your facts straight before suggesting
that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so..
BTW, just because the person who contributed
the registration money is in Peoria, IL, that does
not by any means suggest the project iself is
located here.
Right on! Not to mention the fact that if you read the OpenSSH.ORg web page you will note that it states 'free ssh implementations go to www.freessh.org' and stating "OpenBSD' OpenSSH implementation goto www.openssh.com"
.... now you tell me .. what is that implying to you? Ironically, the most freely available OpenSSH license can be found at www.OpenSSH.com.
Can someone explain to me this doesn't mean what it implies?
Interesting concept. Did you even bother to
... bsd!
..
suggest that the web page be changed before you started openly flaming a volunteer effort here?
Here's a thought for you. Most of your networking package, daemons, standard rpc and telnet and ftp and etc came originally from
So do you condone the BSD world for not supporting
Linux in their source trees? What on earth would ever entice them to do so?
If you consider it 'not nice' to provide a link to an existing usage of the OpenSSH program, what do you expect to happen from your statements? I daresay that any contribution to the source will be credited in the commit message, the typical way of giving credit in any BSD project. If no contribution from that Linux port was given back, why should you be complaining?
As for the suggestion that pam is a unix standard, well, as far as I'm concerned it is typical of 'blind and free' software advocates views. Have you ever looked at the pam sourcecode? It is a mess. A hideous mess. On top of that it is hard to figure out and even harder to implement a new module. And you TRUST this convoluted mess as your authentication standard? Any clues as to why BSD has chosen to use the 'true' unix standard POSIX libc functions as their 'standard' authentication library?
Since OpenBSD is the only distribution I know of that has the ability to ship with a package in the core os that is encrypted like it is, why the problem with the fact that you have to download and do your own custom patch each time you want to update the OpenSSH you have? BSD has been doing this for years with a system called 'ports'. 'make install' in the proper directory, and files download themselves, patches apply themselves, source builds itself, and without further interaction the package has been upgraded. It's not a new concept is my point, and I don't understand how you can suggest it is worse than trivial to accomplish.
If OpenSSH hosts any packages, and they refused your particular author's package, that would be one thing. But do you see a 'list of downloadable packages' on the web site? I don't. I see a reference to where the source is and the first os that is going to ship with the software, as well as a reference to every other os that has implemented packages of the software. How in this planet can that be anything but fair?
If anyone wishes to contribute and improve the OpenSSH that is freely available, without tainting its freely available license, I cannot imagine it would be unwelcomed. This implies implicit activity on the behalf of the contributor, not on the OpenSSH development team whos jobs are not defined as 'go digging through all packages created from OpenSSH to detect any potentials for contribution'
As for the complaint about being BSD oriented, well, apparently that is not something that cannot
be overcome, it works fine in Linux as many fine individuals will attest, and it may even suggest more secure ways of programming (mkstemp anyone?).
Lastly, I suggest you get yourself an attitude check. You do the free community a dis-service by dissing some very hard working developers who have provided you with a freely available product. Guess what freel avilable means? If you don't like it, you have the source. It does not mean if you don't like it you have a right to complain until things go your way. You could always grab
yourself a copy of OpenBSD, pay secnet.net for
support, and whine at them waving your money till you are satisfied, but I doubt your money is where your mouth is.
re psst .. I'm sure any contributions from psst
:-)
.shosts.
would be welcomed, and I'm sure psst can read the
license and note they're welcomed to any code in
the OpenSSH tree, but a merger I doubt would occur, considering the different audiences each
is addressing.
re sshv2 protocol, it is a freely available spec,
and as such, has potential to be implemented in
OpenSSH (although has not yet been done). The
initial thrust of OpenSSH was to have something
equivalant to and compatible with ssh-1.2.x in OpenBSD 2.6, and that has certainly been accomplished. It is certianly not illegal to implement it in a free product; that the commercal
'ssh2' program costs something is the company
charging for their programmers, not the protocol.
While the incident with 1.2.27's security bug doesn't necessarily suggest OpenSSH is more secure in general, it does seem interesting to note that
in the code cleanup of creating OpenSSH, the bug
was accidentally fixed. Hats off to the programmers who have a high enough standard of coding that they accidentally fix bugs
ClosedSSH has superior algorithms? I implore you to back your statement with facts. Last I checked, the algorithms available in OpenSSH are
limited to those in the crypto library, and there
may be less algorithms in OpenSSH than ClosedSSH
because of this, but why include the insecure ones?
Beware of two things. First, I'm not a lawyer. Second, I believe my understanding of the crypto laws suggests if you compile it outside the us, you can use it outside the us, if you compile it inside the us you can't ship it outside the us,
and if you use it in the us, you can't use an
alternative to rsa's library if you wish to use
that particular algorithm, which at this time
requires commercial entities to talk to rsa for
licenses. I think. Someone maybe should confirm this though.
Read the man page for logging in from a particular ip without a password. Look for
Broadband wireless? I thought that is what
www.teledesic.com was doing. Oh wait, its
founders include Bill Gates. Eeek. Nice
interesting technology outside that fact,
however.
Interesting. Might you be from theos-software.com?
Explain who in their right mind, having purchased something with full intentions of using it for their own purposes, would want to give it back for a measley amount of money?
Last I checked, you bought it, it was yours. Do people come and demand that you sell them your license plates because it happens to be something they want? Comeon, get real, get a life.
Giving 'theos-software.com' a break means that ownership means nothing, and the first come first serve legacy of domain names is to be forever lost to the greed of an individual or company that says 'gimme'.
There's a behavior children embark upon that resembles this. It's called bullying and being mean and being jealous and doing anything to get what the other guy's got no matter how many dirty tricks must be played to get it.
Wow, theos-software.com lawyers must cherish childhood!