Theo de Raadt Discusses OpenBSD and Beyond 476
emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.
Hmm... (Score:2, Insightful)
Damn. I wonder if there was anything [wikipedia.org] they could have done about that?
what a whiner (Score:2, Insightful)
What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
For our work on OpenSSH, companies using OpenSSH have never given us a cent. What about companies that incorporate OpenSSH directly into their products, saving themselves millions of dollars?
No, they haven't been saving themselves "millions of dollars". If OpenSSH didn't exist, people would implement some other free ssh client or switch to a different standard.
If you release something under a FOSS license, figure out your business model beforehand. Of course, Theo actually did: his work on BSD has given him plenty of exposure and celebrity status, which many would consider ample reward for his work, and something he wouldn't have gotten if he had founded a small software company instead. And I'm sure he could (or could have) translated this into consulting opportunities and other business, without even changing the license on anything. But, like many celebrities, it's just never enough.
Re:what a whiner (Score:4, Insightful)
That part wasn't written by Theo, as far as I can tell.
Problem with BSD licencing (Score:4, Insightful)
Re:what a whiner (Score:2, Insightful)
Job interview question (Score:2, Insightful)
(and my interviewer is probably reading this, in which case, "Hi there!")
I said I wanted Dan Bernstein to come out alive, because I actually use his stuff in production as opposed to OpenBSD... but after thinking about it for a while I realised that OpenSSH is perhaps more important that Dan Bernstein's stuff. I mean, Dan never updates qmail and any of his tools... Theo may as well bump him off for all I care.
Re:what a whiner (Score:1, Insightful)
The part he understands, and the part that you do not, is the part that's not written in the letters, but the part that's written into the human soul.
specifically the virtues of responsibility, community, and generosity. especially the least that provide the most.
Re:Sounds almost like a threat (Score:5, Insightful)
Pony up (Score:5, Insightful)
So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.
It's not about code but MONEY (Score:5, Insightful)
Theo is NOT talking about code. He couldn't care less about the code!
He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and other's) income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!
Re:Hmm... (Score:4, Insightful)
Subsequently, their moaning about how their self-inflicted mortal wounds hurt horribly is going to rightfully fall on deaf ears, if they are lucky, or will become a butt of jokes, if they are not.
This is what happens if someone is given good advice not to drive their car off the road and into a bog and which they derisively reject and proceed at "what can possibly happen?"-speed into the mud. Following which they sit on top of their sinking vehicle, far into the swamp, waving frantically and complaining loudly about "selfish" people who fail to stop to pull them out of there. So that they can ignore good advice, as soon as rescued, derisively, again.
I say onto Theo: Tough Cookies! You made your bed, you sleep in it! Perhaps placing product placements into the BSD code or performing in a clown outfit at conferences will bring the required revenue, now that the commercial interests do what you have always encouraged them to do: take, take and take ... whatever they can get in return for as least as possible. Its called "business", Theo. Look it up sometime.
Well, (Score:5, Insightful)
"Free" is an illusion.
When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.
Money is green stuff that you through around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.
Time is the true currency, although too much time can go fetid as well.
The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not taking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.
With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but must people are still confused and think he is an idealist.
With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.
Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product are sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.
People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.
Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.
Let's Add Some Context Here (Score:5, Insightful)
OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.
Re:Anti-Theo sentiments are muddying the point her (Score:1, Insightful)
It is as simple as this: OpenBSD is not asking for everyone to just get along with them and not pick on them. If they were, they would be meeting with a much better response. They are asking for money. People tend to have somewhat higher standards of someone who approaches them asking for money than they do the rest of the time, especially when that person is mostly asking for that money to fund a product that most of us don't want or use. The OpenBSD project can't continue to support SSH development on their own? Well, honestly my first response is "well, then let's find someone who can". It has not been at all made clear to me why OpenSSH development is not a task which can be continued by someone else, nor why OpenBSD development must necessarily be tied to OpenSSH development.
Your bizarre comparison to high school social dynamics is a complete non sequitur and I think says more about your mindset regarding the situation than it says about the actual situation itself.
Re:what a whiner (Score:5, Insightful)
What are you talking about? People use OpenSSH because it's by far the best out there. Nobody is locked into using it, the specs are open, anyone can code a replacement. It's just not easy to produce something of the same quality and security as OpenSSH. People are locked into Windows because of proprietary file formats and closed source applications; how is that in any way similar to OpenSSH?
But, like many celebrities, it's just never enough.
Sorry. CELEBRITIES? Hmm.. yeah sure, Theo is a celebrity. I'm sure he has paparazzi knocking on his door every day.
Sure Theo can be abrasive, but it's weird to see how gleefully people at the receiving end of his charity will attack him. It's always easy to be an armchair critic.
Re:BSD vs GPL is not relevant (Score:5, Insightful)
Yes it is, as a part of a very long list of good advice he received over the years on a lot of things, and all of which he proceeded to sneer and snicker on, as only Theo can. DARPA's help is just one item on that very, very long list.
Re:I love OpenBSD (Score:5, Insightful)
Re:BSD vs GPL is not relevant (Score:4, Insightful)
Oh, really? You mean it does not depend on what the purpose of the project is?
In general under open source the money is in consulting, not in the development.
Oh I see, making money for Theo was the whole idea of OpenBSD? NOW you tell us!
A BSD based project is more likely to get inside a corporation and possibly more likely to create consulting work.
Which is a good thing if you are planning to make people appropriate, modify and sell your code while not letting you look at it ever again, in hopes that somehow your celebrity status will make some of them hire you.
Whether a project is BSD or GPL, if someone doesn't want to code themselves, they can hire others to do the work.
True enough, that is why BSD offers no advantage over GPL in this area.
The only difference is whether that work goes back to the community at large and for the company that needed specialized changes that is irrlevant and it may even be counterproductive to the company.
Which, in most cases, as Theo is finding the hard way, is the only type of return expected from commercial involvment in your project. Hoping to get hired by someone using your code is wishful thinking in vast majority of cases. GPL folks understand that, and operate accordingly.
The GPL is not some magic pill. We've seen numerous GPL based projects in financial trouble and begging for donations around here as well.
Of course it is not. But it was never its purpose. The purpose of GPL is to ensure that regardless of who is using or contributing to the code, and regardless of financial circumstaneces of a project, the code remains the property of the community and cannot be stolen and then sold back to us. That is all.
Re:Problem with BSD licencing (Score:3, Insightful)
It's not so ancient: "Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved". An this code remains at the heart of the *BSD projects.
Morality is individual, so were you talking about a person it would be their choice as to what their morality is. As you're discussing corporations, they inherently and as required by law are entirely amoral.
Completely false. They are permitted by law to be amoral in some respect, they are not required to be. A corporation can choose to act in a moral fashion. In any case Apple satisfies the "open source morality" issue since they have also made recent contributions, for example their formerly closed source HFS+ code.
The thing to me that most sucks was that Stallman and the BSD folks basically made a bet on human nature. The optomists are losing badly.
Untrue. We've seen various GPL based projects in financial trouble and begging for donations as well, including Linux distributions. Also, in general profit with open source is often said to be from consulting. Whether a project is GPL or BSD based has little effect, you could even argue that BSD has an advantage since it is easier to get into a corporation and a corporation may not want to share the changes they paid for.
Re:what a whiner (Score:5, Insightful)
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.
Dear friend, herein lies the indelible mark of your misunderstanding of the free software _Movement_, and will live on even after you are dead and gone.
The help he is asking is pocket change for the companies which use OpenSSH. For the work done in making it compatible with major projects of those companies. __If you read the article__ you will also note how IBM sends customer complaints to the OpenSSH team. And how Sun refused to pay for travel!
I find it painful.
OpenBSD must grow up (Score:2, Insightful)
Theo is a brilliant engineer, but he has no tact and (seemingly) no restraint. If he allows a more diplomatic member of his team to act as a buffer and sounding board in relations with the press and sponsors, he might avoid burning some bridges in the future.
I'm not saying OpenBSD needs a change in direction, policy, or anything like that. I just think that Theo needs to find a way to stop kicking people in the balls any time he has a knee-jerk reaction.
Re:Job interview question (Score:5, Insightful)
Was it me, you would have found out that it takes only 0.3 seconds to have a horrible accident with your coffee spilling all over your lap. Applogies and all that, why, I am just such a horrible klutz!
Joking aside, but that sort of question would have me thanking you for the lovely opportunity to get interviewed by you, followed by a mental note not to ever do business with you, under any circumstances.
Has it ever occured to you that these types of smart-ass, self-congratulatory questions, main purpose of which is to show who is the smart alpha-dog in that interview room, are absolutely useless in ascertaining someone's workplace abilities? Oh, what am I talking about, if it had, you would not be asking that and all the other ridiculous "logic" puzzles I am sure you are inflicting on your poor hapless, victims ... err ... applicants.
Re:what a whiner (Score:5, Insightful)
I'm sure you're right, it's not like we wouldn't have another SSH client, but would it be as good? The fact is that Theo and his team writes really good, really secure code. Someone who does security "for fun" is very rare and valuable. Most developers are quite naturally more interested in cool features than tedious code review.
Re:Well, (Score:3, Insightful)
You imply that things have broken down because the bread never came back, but I would point out that the broken part was expecting it to.
I write software and release it under the BSD licence because I dont care to lock it up. I dont care if somebody makes millions out of it, I wrote it because I wanted to, and released it because I wanted to.
My opinion is that if the BSD licenced OS project that I am using goes belly up, it doesnt really matter. The code is still there and the people who write it are still here (if not the original ones, new programmers are born every minute) and the principle is still here. BSD4.4 is dead, but XxxBSD is not. If XxxBSD dies, YyyBSD will come along shortly.
Now, I can see Theo's point about companies not giving anything back, but that is simply their bad karma and one day it may bite them.
Re:Iff..... (Score:3, Insightful)
http://lists.debian.org/debian-devel/2002/03/msg0
It's not like the whole linux world would fall apart if there was some more
string functions which would not go ape on weird inputs.
I know strl*() isn't a magic bullet to prevent all kinds of badness, but they
really can't be worse than the same functions without bounds checking.
Still, better to bash some BSD...
Fork it! (Score:3, Insightful)
Re:Fork it! (Score:5, Insightful)
Then people wonder why de Raadt behaves the way he does. When I read this post, my first reaction was to send you to hell with enough bad language to put you in a first class seat. Maybe that's why de Raadt gets his stigma, by not taking a pause from his first reaction.
So you want to know that the money you give would go directly to support OpenSSH? According to de Raadt, there are six developers that focus on OpenSSH. These developers also work on other aspects of OpenBSD. What exactly do you want them to do? Divide your money between the six of them according to how many hours each works on OpenSSH? Do you want them to have separate network connections and hardware, and pay for it with your donation? How do you compensate the other OpenBSD developers when their ideas and contributions inevitably end up in the OpenSSH codebase?
The OpenBSD developers are a group of people working together. OpenSSH is the fruit of their work. The way to contribute directly to OpenSSH is to contribute funds to its developers. That's exactly what contributing to OpenBSD does, because the developers of OpenBSD and the developers of OpenSSH are one and the same.
So contrary to your second sentence, you have every interest in supporting OpenBSD. Saying otherwise is a disingenuous and pathetic attempt at justifying your reluctance to reward the people whose work you claim to respect.
Is it bad business sense if it's done anyhow? (Score:2, Insightful)
> support the project at a fraction of what it would cost to develop the same code
> in-house.
I disagree. If the company pays the OpenBSD team, the code gets written, but if it does not pay, the code still gets written. As long as the OpenBSD team is writing code without requiring payment, it makes far more sense for the company to not pay. After all, what's the point? Only in the free software world is there that "giving back" mentality. In the business world, nobody pays for what they already get free.
Now, if OpenBSD team stopped development due to financial difficulties, would it make sense for a business to pay them to resume? Perhaps. But a typical manager would make a different choice; he would hire in-house programmers to fork the project and continue development without sharing the source. A good manager does not give away what he dearly paid for.
> It is ridiculous that Sun wouldn't even cover the travel expenses
> of an OpenBSD developer to go their conference
Why would Sun want to go out of their way to have a competitor come to their conference?
Re:Hmm... (Score:2, Insightful)
From the link you provided:
And they wonder why they don't get any support.
Bravo; you've made the most secure operating system available today. But, then, you have this firmly held belief that the rest of the world owes you something? That you're gracing the rest of the world with your glorious presence and regal software? That attitude is not welcome here.
~Will
Re:BSD vs GPL is not relevant (Score:3, Insightful)
Outstanding bullshit. It is *exactly* the opposite!!!
According to Stallman, if I'm a hairdresser or a butcher, I can sell my services, if I'm a programmer I can sell my services too!
The question is that since the hairdresser won't ask you for money each time somebody see your hair, or a butcher will ask you for money when you buy the meat, but he won't ask for more money if you use it to invite your friends (multiuser license), or if you resell it, the programmer should ask for money against their services (coding) but shouldn't add any kind of extortion about further usage of what you coded, just the same the hairdresser or the butcher won't ask for more than the fair value of their services (cutting hair or selling meat).
Re:I love OpenBSD (Score:3, Insightful)
A careful reader of the interviews that come up with Theo occasionally will note that he's pretty good about endorsing the companies who actually support the project. Just in that short interview he mentioned a couple of wifi chipmakers who actually share information. The expectation is that the open-source concerned reader will support those companies in favor of the ones which are mentioned who do not share information.
Past experience suggests that the average Linux kiddie is more likely to take the binary driver and run, particularly if there's game playing to be done. But it seems Theo's doing a reasonable job of supporting the supportive vendors.
Re:Hmm... (Score:3, Insightful)
Jerry A. Taylor, call Theo today! (Score:3, Insightful)
City Manager
Tuttle, OK
Dear Jerry,
you like secure operating systems. So does Theo de Raadt: he loves them!
Please contact Theo directly at *deraadt@cvs.openbsd.org*
Be firm: Theo will help you, but only if you are make it clear that you expect help, and you want it now. (I think that when you contacted CentOS's team, you were sort of beating around the bush. That won't work with the OpenBSD team. Be direct!)
Theo will respect your 22 years of IT experience. And, I think he will be impressed that you worked at Raytheon--wow!
No need to call the FBI to get a response from Theo and his boyz. Enjoy!
--A concerned citizen
Re:Is it bad business sense if it's done anyhow? (Score:3, Insightful)
So while it makes sense on the short-term microeconomic level to not pay anything to a project you use, it makes no sense on the long-term macroeconomic level--just as a single family saving money is a wise investment, all families saving money is a recession.
The optimal solution here is for users to pay some money to projects they wish to use. This is a modest, compromise amount, causing the greatest good in the short- and long-terms, and in the micro- and macroeconomics.
Sadly, it seems that the corporate world (and most of the average user world too) is only too happy to sacrifice long-term gain for short-term gain. So conventional modern business practices would likely be in agreement with your statement.
Let's be Objective about this, was Re:Hmm... (Score:4, Insightful)
Actually, no, he's not claiming that the world owes him something. He's claiming that his act of creation and contribution does not cause him (well, specifically, the OpenSSH developers) to be owe anything further to the people who take advantage of their contribution.
That is an entirely different issue.
"From the beginning of history, the two antagonists have stood face to face: the creator and the second-hander. When the first creator invented the wheel, the first second-hander responded. He invented altruism.
"The creator - denied, opposed, persecuted, exploited - went on, moved forward and carried all humanity along on his energy. The second-hander contributed nothing to the process except the impediments. The contest has another name: the individual against the collective." - Howard Roark [davehong.com] in The Fountainhead [amazon.com] by Ayn Rand [wikipedia.org].
Re:Hmm... (Score:3, Insightful)
No, his point is that he's not being paid for this, so people should stop treating him like an employee. Part of the freedom of writing FOSS code is that you don't have to bend over backwards to accomodate people, because they aren't paying customers. If somebody thinks some software I wrote should have some feature, or should work in a certain way, and whines because it doesn't, I can tell them to take a hike, because I provide the software at my whim and convenience. If I'm a good, conscientious developer, then I'll listen and add their request to the "future directions" list, but I certainly don't have a mandate to do so.
To paraphrase Al Capone [quotedb.com], "You can get better support with polite e-mail and a $100 check than with polite e-mail alone".
Grow up! (Score:3, Insightful)
Since it's obvious that many here haven't actually read what they're flaming about, here's the last question of that interview:
Sounds completely reasonable -- just calling a spade a spade and not trying to sugar coat anything.Re:Oh really? (Score:3, Insightful)
Malloc
Re:Classic Theo de Raadt (Score:3, Insightful)
If you disagree with his point, how about stating why you think it's wrong rather than just bitching about 'classic theo'.