Hifn Restricts Crypto Docs, OpenBSD Opens Fire 304
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
Re:By my math... (Score:3, Interesting)
That would be fine if they were writing homebrew XBox games. Maintainers of major operating system distributions, on the other hand, have to be very careful about complying with licenses.
And did you even read the email? Hifn wants de Raadt to play along and pretend that their docs are open. They think that they deserve special treatment over all the other manufacturers in the industry, probably in order to collect data to sell on to marketers.
Is that worth throwing a hissy fit over? No, but then your choice of phrase is poor, and gives away how little attention you payed to the content of the email itself. It's certainly worth telling Hifn to go screw themselves over, which is what de Raadt is doing.
Personal Info == Legal Tender (Score:5, Interesting)
From Theo's response:
Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.
Theo also addreses something many of us here are worried about:
Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.
Theo sums his entire argument up beautifully here:
Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.
And finally from Theo's response:
Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.
Re:Export regulations? (Score:2, Interesting)
I'll be the first to admit I may be missing something obvious, but would genuinely appreciate being told what it is. In affable tones, if it's not too much to ask.
Re:Export regulations? (Score:2, Interesting)
It does raise an interesting point, should you effectively boycott a company because of the restrictions the government puts on it?
Would that not be... (Score:5, Interesting)
Would that not be on documentation that explained exactly how the chip worked and not just how to send and receive bits from it?
If this is the case with HIFN, why do some other hardare companies in the same field not have the same restrictions?
There was a good comment made later in the thread:
Perhaps you can talk to your legal counsel and actually break out the documentation needed for these open source drivers into a separate and truly open to the "general public" anonymous download site. I doubt that the documentation that is being requested by developers is putting you in violation of US Export Regulations
....snip....
I understand it's very easy these days for attorneys to just say put everything behind your registration only access extranet to be safe. This is not acceptable and, in my opinion, is not open to the general public like you stated.
That sums up my thoughts much more succinctly.
Re:Oh for pity's sake... (Score:4, Interesting)
How would this violate U.S. Export Licenses
It wouldn't. Exporting documentation...even source code...is protected as Free Speech, provided the export is in book format.
From this article [goingware.com]:
If you can export PGP source code without violating U.S. export restrictions, I'm betting you can export data sheets too. Therefore, HIFN's argument is invalid.
"50 personal questions"? (Score:3, Interesting)
Re:Theo (Score:5, Interesting)
The problem is that Manufacturers seem to have the idea that they can dictate terms to the people who produce software to run on their hardware. Unfortunately, In the majority of cases, that appears to actually be the case.
The insulting thing in the original email was that he should be expected to comprimise his principles to support other people's profit, and as he is *not* being paid by Hifn, I personally see that it is well within his rights to not support the hardware in question.
Perhaps if you went up to some Civil rights protestor in the 1960's and said that this entire equality thing was a bit silly, and they should just accept these limitations, because its convenient for the asker, you may get a similar response.
Yes, i know this is a bit contrived, however, its worth noting that there are people who consider this sort of thing a matter of Civil rights. The right to be able to do whatever you want with the electronics in your computer, as opposed to what someone you have never met tells you.
Some people do consider this sort of thing a huge insult, and if putting it in plain language offends you enough that you dont use open source software, then i feel sorry for you. Your missing out on a lot of great software written by people who love what they do, however thats your choice.
Gotta be some restrictions even on book format (Score:4, Interesting)
Re:Go Theo-Batter up. (Score:5, Interesting)
OS developers' desires for unfettered acces, etc. No personal info should need to be given to a
vendor unless he's entering into a sales relationship with them. Honestly- too much risk of Identity
Theft through this sort of thing.
Seriously, I'd have to agree with him on this one- and I'm from the Linux camp and would be driving
sales into that segment very shortly. I'd be making a big stink about it too. And what's sad about
all these vendors is that they're doing nothing but pissing off the people that'd be helping them
sell chips.
In reality, the vendors are doing this because idiot IP lawyers tell them to do so. There should
be no IP revealed in the systems interfaces to a device. It should be the silicon equivalent to
an API. If there is IP honestly revealed, then you've got something new, and the patent itself
should be sufficient to protect it. If you're trying to hide a design flaw by not revealing info-
don't. You should design devices with interfaces that make sense and are system safe or can be made
so with the right device driver code.
Keeping it secretive helps nobody in reality. For example, ATI's drivers work adequately on the
desktop space but are less performant on at least part of the laptop line under Linux- because of
a design/coding flaw in the closed source drivers. I can't reccomend anyone get a laptop with an
ATI based display because they just don't seem to work as well. If someone had source code and
technical data access they could most likely fix the problems in question- unless the chip had a
design hickey. Even then, unless it's something that would compromise security, it should be
able to be coded around- Windows drivers can do Sideport memory correctly, why can't the Linux
support do the same thing?
At any rate, I believe I've drifted from the conversation... Yes Theo's got a niche play- but
in the segment that Hifn's in, it's an important one all the same.
Re:By my math... (Score:1, Interesting)
To be honest, I personally wouldn't have much confidence in a piece of crypto hardware made under the Bush administration anyway
Re:Theo (Score:5, Interesting)
Looking at the NetBSD issue, Theo was bitching about developers who kept introducing security holes - I dunno about you, but I'd bitch slap people who keep introducing security holes too, else you end up with something like Windows.
Re:Abusive much? (Score:4, Interesting)
True, but on the other hand, Theo really does have the upper hand on this one. If I can't use those cards under OpenBSD, I won't buy them. If I can, I probably will (because I could actually use some of that functionality in my VPN servers). Since I suspect a large part of their potential client base is in the same situation, it'd be in their best financial interests to go meet Theo's (reasonable) requests and stay stop arguing the point.
Re:By my math... (Score:2, Interesting)
similar story with any vxWorks (commercial real-time system) docs. i suspect that WRS deliberately hunts all message boards/servers keeping any information/comments related to the OS.
another example is WinCE from MS. try to find any negative comment about the OS on the NET.
Re:Give it a rest, Theo. (Score:4, Interesting)
HIFN might make their documentation available to the (USA) public,
but if it is released under restrictive NDA language, it is hardly "OSS-
friendly". Is OpenBSD supposed to bundle binary-only drivers, with
the MS-inspired adage "Trust us, we know what's best for you?"
I think not!
Imagine your level of trust in OpenBSD drivers that you cannot even
see the source code to, let alone be forced to go back to the OEM for
man / info pages. HIFN has far exceeded any legal requirement that
USA Export Control regulations impose, and Theo has rightfully called
them out for their current nonsensical position. This is not about HIFN
furnishing proprietary SystemC or ERDA(?) data that would reveal the
construction of the chipset or the crypto algorythms involved -- this
is about data on how to fully interface to the chipset's I/O. There is
no valid reason for OpenBSD (or any other open source OS) to continue
to support HIFN. In fact, I woudn't mind seeing kernel code included that
would fail to build with HIFN support, sort of like has been discussed on
regarding locking out the SCO OS.
Go Firefox extension Bug_me_not (Score:2, Interesting)
Re:Can hifn comply with OpenBSD's demands? (Score:3, Interesting)
Re:Indeed (Score:1, Interesting)
No it won't ruin Hifn, but it will cost them.
Re:Theo (Score:4, Interesting)
Yeah, "we" had a lot of that stuff (the Mossad was the world expert on killing people via cell phone), it's just that at that time the US hadn't attacked and occupied Iraq, so those things mostly weren't happening to Americans.
Consider it a neccesary evil of sorts. Not our fault, just a result of terror.
You're right that it's an evil, but it's not necessary. You don't think "bad people" can get copies of the data sheets? That's stupid. I can think of half a dozen ways to get the info, and you probably can too. Besides, you can't build a bomb from a chip data sheet. And on the other side of the coin, there is absolutely no reason to believe that the information will be used only for export control. Or, as far as that goes, even for legal purposes, since Bush has made it clear that he views himself and his security forces as above the law.
People who put their life on the line (IEDs) while you confortably sit back and code.
I feel terrible about that. But the thing is, they're not doing it for me (whatever they may think), because Iraq never was a threat to me. Bush & Cheney didn't invade Iraq because of terrorism, they did it for political reasons. And they didn't do it to "free the Iraqis", because there are any number of other countries whose governments are even more oppressive, but remain unattacked.
Before the attack, Iraqis lived under a thuggish dictator who killed thousands. They also had electricity, women could work outside the home, and they could drive their cars without fear of being stopped and killed at some random checkpoint or machine-gunned by panicky American troops. Today, the thousands are instead killed by US troops, Interior Ministry death squads, religious militias, Al Quaida, and random car bombs. And there's not much electricity.
I don't know what the answers are, but I'm positive that collecting identifying info on people who want to look at chip data sheets is not one of them.