Forgot your password?
typodupeerror

Hifn Restricts Crypto Docs, OpenBSD Opens Fire 304

Posted by ScuttleMonkey
from the don't-tread-on-me dept.
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
This discussion has been archived. No new comments can be posted.

Hifn Restricts Crypto Docs, OpenBSD Opens Fire

Comments Filter:
  • Go Theo. (Score:4, Funny)

    by AltGrendel (175092) <ag-slashdot@[ ]t0.us ['exi' in gap]> on Wednesday June 14, 2006 @07:49AM (#15531088) Homepage
    They obviously don't know who they are dealing with.

    This should get really interesting.

    • Heh...for once, Theo's attitude is actually put to good use.
  • By my math... (Score:3, Insightful)

    by Enderandrew (866215) <enderandrew&gmail,com> on Wednesday June 14, 2006 @07:52AM (#15531100) Homepage Journal
    ...I count 12 required fields where you have to enter data.

    Is this worth throwing a hissy fit over? Once one person downloads the docs, they can distribute them.

    • Re:By my math... (Score:3, Insightful)

      by tygerstripes (832644)

      Registration at our extranet is required along with an email address that can be confirmed. We cannot support anonymous FTP or http downloads. The reason for this is that we are required by the conditions of our US export licenses to know who and where our customers are. If anyone objects to registration then we could not sell them chips anyway so it does not seem an unreasonable restriction to us.

      Implication: they are collecting the data in case they're asked to provide it. To the US Govt. Yeah, that'

      • The way export is defined in US regulations and laws is not about sale. It has to do with making objects and information available. E.g., multinational companies are required to provide some segmentation in their computer networks to avoid exposing export controlled, or ITARS restricted information from reaching their non-US employees.
        Whether or not one thinks that the US government is becoming paranoid and over-secretive (I do), this is not an unreasonable definition of export. E.g., if one just gives c
    • Re:By my math... (Score:5, Insightful)

      by Deliberate_Bastard (735608) <doslund.cs@ucr@edu> on Wednesday June 14, 2006 @08:02AM (#15531131)
      >I count 12 required fields where you have to enter data.

      >Is this worth throwing a hissy fit over?

      And I count one (1) principle at stake.

      Which is *always* worth throwing a fit over.
      • Re:By my math... (Score:2, Insightful)

        by gowen (141411)
        And I count one (1) principle at stake.

        Which is *always* worth throwing a fit over.
        The ability to compromise is not a sign of weakness.
    • Re:By my math... (Score:3, Interesting)

      by linvir (970218) *

      Once one person downloads the docs, they can distribute them.

      That would be fine if they were writing homebrew XBox games. Maintainers of major operating system distributions, on the other hand, have to be very careful about complying with licenses.

      And did you even read the email? Hifn wants de Raadt to play along and pretend that their docs are open. They think that they deserve special treatment over all the other manufacturers in the industry, probably in order to collect data to sell on to marketers.

      I

    • Re:By my math... (Score:5, Insightful)

      by bhima (46039) <Bhima.Pandava@NosPaM.gmail.com> on Wednesday June 14, 2006 @08:22AM (#15531228) Journal
      Yes.

      You have to sign an NDA to get the documents. So you would be violating the NDA to redistribute them.

      There isn't a business advantage to this sort of secrecy because your competitors can easily obtain this same information through a blind. So it comes down to policy motivated by irrational fear & greed. Who needs to really deal with company with these qualities?

      This topic is of primary interest to me because I am shopping for a crypto accelerator card right now, for use in the fall. Given the success and ease I have had using OpenBSD, and given the great support I have from the mailing lists, this is a reasonable criterion to use when purchasing hardware. In fact at some point of the decision making process for all of my hardware I have done a search on the OpenBSD mailing lists. This sort of information makes installation and maintenance a simple thing.

      So it really does boil down to unless the OpenBSD group recommends a certain piece of hardware I won't buy it...
      • Re:By my math... (Score:3, Informative)

        by chill (34294)
        You have to sign an NDA to get the documents. So you would be violating the NDA to redistribute them.

        You are wrong. I just filled out their form and got immediate access to the spec sheets, no NDA required. The form asked if I had an existing NDA and I said "no". It didn't complain. I was automatically e-mailed a password which gave me immediate access to the 7956 Security Accelerator data sheet, no questions asked.

        The data sheet itself is copyright and does say you can't redistribute without permission
      • The vendor is clearly in the wrong. The EU, for example, has made it clear that interfaces are not copyrightable and that reverse-engineering interfaces is legit. Furthermore, interfaces are generally NOT protected by NDAs, no matter what Hifn claims. I was able to download data sheets, APIs and bleep knows what else from Motorola's old chip unit (I think it's now called Freescale) without signing anything, without answering any questions and without agreeing to a damn thing. If NDAs were normal, you'd thin
  • Theo (Score:5, Insightful)

    by dirtyhippie (259852) on Wednesday June 14, 2006 @07:56AM (#15531113) Homepage

    Oi, Theo! I agree with you 100%, but please, tone down the virtiol just a smidge! From TFA:

    Jason and I spent a lot of time writing that code in the past, but because your policies are privacy invasive towards us, and thus completely thankless for the sales that we have given you in the past -- we will not spend any more time on your crummy products.

    And if you continue baiting me, I will delete the driver from our source tree.

    Calling their products "crummy" and threatening them with driver deletion if they don't stop "baiting" you is not a way to get what you want. Now it means some egomaniacal manager has to eat crow for the driver to go public. I was in 100% agreement with your post until I got to this point.

    Sometimes, I wish someone would just slip some sort of tranquilizer in the water supply near Alberta...

    • Re:Theo (Score:5, Insightful)

      by flumps (240328) <matt,corby&gmail,com> on Wednesday June 14, 2006 @08:06AM (#15531145) Homepage
      In fairness you do not know what has gone before. Theo mentions "personal emails" and "previous discussions".

      Some people just do not listen unless you threaten them like this. It must've been the last straw..
  • by gowen (141411) <gwowen@gmail.com> on Wednesday June 14, 2006 @08:02AM (#15531132) Homepage Journal
    That's a typical OpenBSD discussion, in which Theo DeRaadt
    i) is basically right
    ii) still manages to sound like spoiled whiny tosser in the process.
    • ... but most of slashdot is like that isn't it? You should be used to it by now :)
    • [...] in which Theo DeRaadt [...] still manages to sound like spoiled whiny tosser in the process.

      No, he doesn't. /. readers probably have so little practice speaking truth to power that they don't recognize what it looks like when it's laid out before them. The only non-surprise here is that another /. poster is finding a way to criticize those who defend our freedom to share and modify by speaking up and acting out. It's much like the overrated comments on the recent RMS in France thread [slashdot.org] where RMS

  • by TripMaster Monkey (862126) * on Wednesday June 14, 2006 @08:07AM (#15531148)


    From Theo's response:
    "50 personal questions" is not open access. Please don't lie about it.


    Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.

    Theo also addreses something many of us here are worried about:
    >Registration at our extranet is required along with an email address
    >that can be confirmed. We cannot support anonymous FTP or http
    >downloads. The reason for this is that we are required by the
    >conditions of our US export licenses to know who and where our customers
    >are. If anyone objects to registration then we could not sell them
    >chips anyway so it does not seem an unreasonable restriction to us.

    So the personal information you ask for in the registration process
    will be given to the US government if they ask? Without court
    documents demanding the information?


    Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.

    Theo sums his entire argument up beautifully here:
    We are not your customers. YOU ARE OUR CUSTOMER. Our driver sells
    your chips.

    I know that our hifn driver has some problems. But because I cannot
    get data sheets without giving you private information, I will not
    spend even one moment more of my time to improve support for your
    products. Jason and I spent a lot of time writing that code in the
    past, but because your policies are privacy invasive towards us, and
    thus completely thankless for the sales that we have given you in the
    past -- we will not spend any more time on your crummy products.


    Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.

    And finally from Theo's response:
    And if you continue baiting me, I will delete the driver from our
    source tree.

    I stand by my statement that HIFN is not open.


    Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.
    • I for one don't care to support a company who engages in such practices

      Well, it would appear that a condition of obtaining an export licence for their products is that they be able to identify their customers. This condition was stipulated by the US government (or an agency thereof), so it would appear that Hifn had a choice: agree, or not export their products.

      From what I've read so far at least, it would appear that you do not care to support a company that complies with the law and demands of its governm

      • Well, it would appear that a condition of obtaining an export licence for their products is that they be able to identify their customers.

        This is entirely beside the point. The driver writers are not customers.

        Documentation of a product is not restricted by export licenses pertaining to that product...only the product itself is restricted.
      • Theo isn't asking for a product. He is asking for documentation (data sheets). Further, as the email points out, he isn't looking for documentation regarding unreleased products, etc. but for documentation that was *freely* available eight years ago. Additionally he points out that other *crypto* companies provide information that is more available. What is unclear to me though is whether or not those companies he vaguely mentions are US companies.

      • What you're missing (aside from what the other replies have said) is that a third party's compliance with the law is not OpenBSD's problem. If compliance with US law and OpenBSD's polices are mutually exclusive, then Hifn is either simply screwed, or should move to another country. OpenBSD, however, should not be obligated to change policy.

    • Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...

      I think you are taking it too far. It's much more simplistic than that.

      Open means just that: Open. By using a closed registration-required access system, it's not open.

      Given our current government's "anti-terrorism" activities which is turning the US into a police state, is VERY likely that companies will be required to devulge this registration inf

      • I think you are taking it too far. It's much more simplistic than that.

        I think you might be right...but I would still like to see this become a sounding-board for the issue of personal data as commodity. Codifying how personal data can be collected, how the data can bee stored and used, and especially how the owners will be compensated for the loss or misuse of said data, can only be beneficial, especially in this day and age.

        Given our current government's "anti-terrorism" activities which is turning the US
    • Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source.

      Considering that marketers and their ilk pay handsomely for personal data, legitimately obtained or otherwise, it's safe to say that personal information isn't just tantamount to currency. It has a concrete monetary value. They are charging you, in a very real sense. You could seel your personal in
    • by mwvdlee (775178) on Wednesday June 14, 2006 @09:23AM (#15531561) Homepage
      Everybody seems to be sidestepping the main issue.

      The real question that should be answered is whether hifn are indeed required by law to ask personal information of the people downloading documentation, as hifn claims they are.

      If they are, than hifn simply cannot comply with OpenBSD's demands without breaking U.S. law.
  • by nonmaskable (452595) on Wednesday June 14, 2006 @08:07AM (#15531154)
    I didn't see any useful discussion of the key point in Cohen's email:


    Registration at our extranet is required along with an email address
    that can be confirmed. We cannot support anonymous FTP or http
    downloads. The reason for this is that we are required by the
    conditions of our US export licenses to know who and where our customers
    are. If anyone objects to registration then we could not sell them
    chips anyway so it does not seem an unreasonable restriction to us.


    With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.
    • Please see previous post - I really don't see how this is supposed to be a violation of export licences! Export is sale overseas (please don't attack, pedants; I'm generalising). This is information which, according to HIFN, is "open" ie freely obtainable. We're not talking about the chips here, are we? Just the information about them.

      I'll be the first to admit I may be missing something obvious, but would genuinely appreciate being told what it is. In affable tones, if it's not too much to ask.

      • by nonmaskable (452595) on Wednesday June 14, 2006 @08:46AM (#15531358)
        I really don't see how this is supposed to be a violation of export licences

        AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws. Cryptographic technology actually falls under an even more restrictive license class - munitions.

        http://en.wikipedia.org/wiki/Export_of_cryptograph y [wikipedia.org]

        Read the "Current Status" section. My point is that Hifn isn't "baiting" anyone. You might disagree with their lawyer or think it's your right to demand that Hifn fight "the man", but that's another issue.
        • by TripMaster Monkey (862126) * on Wednesday June 14, 2006 @09:09AM (#15531482)

          AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws.

          Please post links supporting this contention, or withdraw it.

          Cryptographic technology actually falls under an even more restrictive license class - munitions.

          Whle this is true, the source code can still be legally exported in written format, since it falls under Free Speech.

          From this article [goingware.com]:

          And interestingly, you can't ban the export of a book, because a book is a form of free speech, and free speech is protected by the first amendment to the United States Constitution. So when a new version of PGP becomes available in the United States, it's source code is simply published in book form and mailed overseas, where the source can be retrieved by scanning it and using inexpensive optical character recognition software to convert the printed pages back to machine-readable program text files.
          Given that, as you stated, crypto falls under the even more restrictive license class of 'munitions', if you can export PGP source code without violating U.S. export restrictions, I'm betting you can export data sheets too.

          My point is that the HIFN's explanation of their requirement for personal info to satisfy their U.S. export license is pure codswallop, your nonsensical comments about HIFN 'fighting the man' notwithstanding.
          • Please post links supporting this contention, or withdraw it.

            http://www.access.gpo.gov/bis/ear/ear_data.html [gpo.gov]

            You can skip many of the "Part XXX"s. The applicable categories are obvious. Don't forget to read interpretations and supplement 2.

            I'm not going to respond to the rest of your rant, other than to suggest you get legal advice somewhere other than mailing lists and agitprop web sites.
            • by TripMaster Monkey (862126) * on Wednesday June 14, 2006 @10:19AM (#15531900)

              The applicable categories are obvious.

              If they're so obvious, why didn't you post links to those categories, or better yet, applicable excerpts?

              Don't forget to read interpretations

              Fair enough...I read through Part 770 - Interpretations [gpo.gov], but strangely enough, the word 'documentation' is only used once in the entire document. I've posted the relevant passage for clarity:

              (2) Export documentation requirement.

                        (i) When preparing a license application for a
              numerical control system, the machine tool and
              the control unit are classified separately. If either
              the machine tool or the control unit requires a
              license, then the entire unit requires a license. If
              either a machine tool or a control unit is exported
              separately from the system, the exported
              component is classified on the license application
              without regard to the other parts of a possible
              system.

                                (ii) When preparing the Shipper's Export
              Declaration (SED) or Automated Export System
              (AES) record, a system being shipped complete
              (i.e., machine and control unit), should be
              reported under the Schedule B number for each
              machine. When either a control unit or a machine
              is shipped separately, it should be reported under
              the Schedule B number appropriate for the
              individual item being exported.

              Please explain how the above supports your contention that 'detailed hardware documentation is considered the same as the product under the export license laws'.

              and supplement 2.

              Which supplement 2? The Supplement No. 2 to Part 764 - Denied Persons List [gpo.gov], or the Supplement No. 2 to Part 774 - General Technology and Software Notes [gpo.gov]? (HINT: Neither supplement contains anything to support your contention that 'detailed hardware documentation is considered the same as the product under the export license laws'.)

              In short, it looks like you thought you could try to justify your argument by pointing me to a ridiculously large government document, and then hoping I wouldn't bother to actually read it. You thought wrong.

              I'm not going to respond to the rest of your rant,

              Translation: I can't refute it, so I'll shut my eyes and pretend it's not there.

              other than to suggest you get legal advice somewhere other than mailing lists and agitprop web sites.

              And this from the person who qualified their original contention with 'AFAIK' and "IANAL'. Pot, meet kettle.
              • by nonmaskable (452595) on Wednesday June 14, 2006 @04:29PM (#15534916)
                The applicable categories are obvious.
                If they're so obvious, why didn't you post links to those categories, or better yet, applicable excerpts?


                Laziness. Category 5pt2, and 4 & 5pt1 also. Look how broad ITAR 120.10 is (and according to another poster in the thread they can also classify info as a "service" and use those sections).

                In short, it looks like you thought you could try to justify your argument by pointing me to a ridiculously large government document, and then hoping I wouldn't bother to actually read it. You thought wrong.

                I thought right. It looks like you searched a couple of sections for the word "documentation" without even trying to follow it. Understanding "ridiculously large" and complex laws that put people in jail is hard, that's why lawyers get paid big.

                other than to suggest you get legal advice somewhere other than mailing lists and agitprop web sites.
                And this from the person who qualified their original contention with 'AFAIK' and "IANAL'. Pot, meet kettle.


                Or with more thought and less attitude you might infer that I take my own advice.

                I'm not going to respond to the rest of your rant,
                Translation: I can't refute it, so I'll shut my eyes and pretend it's not there.


                Better translation: Oops, I'm wrestling a pig in mud.
    • With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.

      It does raise an interesting point, should you effectively boycott a company because of the restrictions the government puts on it?
    • by Toy G (533867) <toyg.libero@it> on Wednesday June 14, 2006 @08:32AM (#15531280) Homepage Journal
      Documentation on how to interface with the hardware chip is NOT covered by export regulations. Only the actual chip, and its design specifications in regard to implemented algorithms, are covered.
      Hence, the docs that OpenBSD folks need (and had access to, until a few years ago) are NOT covered.

      The choice is between "giving back access to documentation to allow developers to work with your hardware" or "keep track of developers for marketing purposes".
      Export regulations enter the picture only if you don't know them.
  • by rsidd (6328) on Wednesday June 14, 2006 @08:18AM (#15531205)
    Theo repeatedly claims that the site wants "approximately 50 personal questions". I looked, and there are only 11 questions with required answers, of which I can only construe two (office phone number, and office address) as invasive of Theo's privacy. (I assume everyone knows Theo's name and email address, from the mailing lists.)

    If he objects to providing that information, he can say so, but this sort of easily-refuted hyperbole doesn't help.

  • by tygerstripes (832644) on Wednesday June 14, 2006 @08:27AM (#15531252)
    Due to lazy moderation and posting, there now appears to be no point in posting anything as a reply, so I'll ask again what I think is a pertinent question as a main post:

    How would this violate US Export Licences???

    Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???

    This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here.

    • by TripMaster Monkey (862126) * on Wednesday June 14, 2006 @08:36AM (#15531305)

      How would this violate U.S. Export Licenses

      It wouldn't. Exporting documentation...even source code...is protected as Free Speech, provided the export is in book format.

      From this article [goingware.com]:

      And interestingly, you can't ban the export of a book, because a book is a form of free speech, and free speech is protected by the first amendment to the United States Constitution. So when a new version of PGP becomes available in the United States, it's source code is simply published in book form and mailed overseas, where the source can be retrieved by scanning it and using inexpensive optical character recognition software to convert the printed pages back to machine-readable program text files.

      If you can export PGP source code without violating U.S. export restrictions, I'm betting you can export data sheets too. Therefore, HIFN's argument is invalid.
      • Where the source can be retrieved by scanning it and using inexpensive optical character recognition software to convert the printed pages back to machine-readable program text files.
        Why don't they just publish the book in machine-readable format (e.g., as those two-dimensional barcodes or something)?
      • by caveat (26803) on Wednesday June 14, 2006 @09:35AM (#15531635)
        I'm willing to bet that there's a limit to what you can export, even in book form. Going to extremes, if I tried to export plans for the W80 nuclear warhead in book form (or print it on a T-shirt), I'd guess not only would export of that book be banned, but I'd be taking a nice long vacation at Club Fed..
  • Abusive much? (Score:4, Insightful)

    While I whole-heartedly agree with the point Theo was making in his article, I can't help but think that engaging in hyperbole (50 questions? ~25 is accurate) and verbally abusing and threatening the vendor is going to help in any way.
    • Well, it certainly generates publicity for OpenBSD. If Theo always replied with political, non-inflammatory statements to everything, it would be a different product. But I doubt it would be as talked about.

      Figure either way, hifn was not going to open the docs and thus not be supported. At least this way they got a bit of attention on Slashdot, a little more mindshare, etc.

      Sort of, "I don't care what people say about me behind my back, as long as they're talking about me."
    • Re:Abusive much? (Score:4, Interesting)

      by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Wednesday June 14, 2006 @11:31AM (#15532511) Homepage Journal
      I can't help but think that engaging in hyperbole (50 questions? ~25 is accurate) and verbally abusing and threatening the vendor is going to help in any way.

      True, but on the other hand, Theo really does have the upper hand on this one. If I can't use those cards under OpenBSD, I won't buy them. If I can, I probably will (because I could actually use some of that functionality in my VPN servers). Since I suspect a large part of their potential client base is in the same situation, it'd be in their best financial interests to go meet Theo's (reasonable) requests and stay stop arguing the point.

    • Re:Abusive much? (Score:3, Insightful)

      by chazwurth (664949)
      Do you have much experience working with vendors?

      I don't mean this as a joke. Often the *only* way to get vendors to do what you want is -- minimally -- to verbally abuse them, and often to threaten them. And if they're real wankers, to threaten them with bad publicity. And if they're super-wankers (which so many of them are), to actually start talking about them publically.

      Sure, doing it this way is a gamble -- he may piss them off so much that they stop communicating. Some vendors (the rational ones) deal
  • by Ritchie70 (860516) on Wednesday June 14, 2006 @08:34AM (#15531292) Journal
    OK, great. This info was freely available on their web site 8 years ago. So?

    You know what, if you'd wanted this 15 years ago, you would have phoned them up, given them the EXACT SAME INFO THEY'RE ASKING FOR on their web site, and they would have mailed it to you.

    And a sales-person might have called to see if you wanted to buy some chips.

    Theo's "50 questions" is email, name, company name, title, address, phone number, and "what is your project? What is your role? When do you want to buy some chips?" How about a little reality here. Theo does some great stuff, but that doesn't mean he gets to bend how the world works to his will.

    Just like the "I don't get any donations" rant from him a bit ago, he just doesn't seem to be well grounded in business realities. If you want donations, you need a tax-exempt foundation, not "make checks out to Theo." If you want data sheets, you might have to tell the company who you are and why you want them.

    • OK, great. This info was freely available on their web site 8 years ago.

      A moot point, since developers are *NOT* guarenteed to remain on the project for 8 years.

      If the docs are not available, then only the developers who managed to obtain the docs legally can consider working on that portion of the code. No new developers means that support will drop sooner or later - might as well drop it right away rather than wait for it to enter disrepair.

      You know what, if you'd wanted this 15 years ago, you would h

      • A lot can happen in 15 years - specs change, newer designs come out, etc.

        Yeah, and the GP's point was that in those 15yrs the personal info you provided for marketing purposes to get the docs _hasn't_ changed:

        >> 15 years ago, you would have phoned them up, given them the EXACT SAME INFO

        In those 15yrs what has changed is that in some jurisdictions at least (eg. EU, but probably not US) you do now have more rights over the personal info companies keep on you and how they use it. Including not allowi
    • by quarkscat (697644) on Wednesday June 14, 2006 @12:07PM (#15532846)
      The parent poster is a troll, and his argument is patently absurd.

      HIFN might make their documentation available to the (USA) public,
      but if it is released under restrictive NDA language, it is hardly "OSS-
      friendly". Is OpenBSD supposed to bundle binary-only drivers, with
      the MS-inspired adage "Trust us, we know what's best for you?"
      I think not!

      Imagine your level of trust in OpenBSD drivers that you cannot even
      see the source code to, let alone be forced to go back to the OEM for
      man / info pages. HIFN has far exceeded any legal requirement that
      USA Export Control regulations impose, and Theo has rightfully called
      them out for their current nonsensical position. This is not about HIFN
      furnishing proprietary SystemC or ERDA(?) data that would reveal the
      construction of the chipset or the crypto algorythms involved -- this
      is about data on how to fully interface to the chipset's I/O. There is
      no valid reason for OpenBSD (or any other open source OS) to continue
      to support HIFN. In fact, I woudn't mind seeing kernel code included that
      would fail to build with HIFN support, sort of like has been discussed on /.
      regarding locking out the SCO OS.
    • by dstone (191334)
      How about a little reality here. Theo does some great stuff, but that doesn't mean he gets to bend how the world works to his will.

      "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." -George Bernard Shaw.
  • by mcbridematt (544099) on Wednesday June 14, 2006 @08:34AM (#15531294) Homepage Journal
    "Jason and I spent a lot of time writing that code in the
    past, but because your policies are privacy invasive towards us, and
    thus completely thankless for the sales that we have given you in the
    past -- we will not spend any more time on your crummy products."


    Sales?

    Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.

    If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.
    • Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.

      I wouldn't be surprised if a lot of their customers were BSD users. It's quite a common OS in the sort of application this chip is designed for.

      If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot p
      • by bodgit (658527)
        I wouldn't be surprised if a lot of their customers were BSD users. It's quite a common OS in the sort of application this chip is designed for.

        HiFn chips are used in the crypto accelerators made by Soekris Engineering [soekris.com]. OpenBSD running on one of their embedded PC boards along with one of their crypto accelerator cards is quite a popular combination.

    • People buying crypto accelerators tend not to be the same "Best Buy Shopping ooh wow 3 GigaHurts" type of people.

      If you're doing hardware crypto you're going custom and using BSD wouldn't be a far stretch.

      Tom
  • by m874t232 (973431) on Wednesday June 14, 2006 @08:39AM (#15531326)
    When companies impose weird intellectual property restrictions on their data sheets, then I'm all for making the process of getting the data sheets as cumbersome as possible--that way, FOSS developers will at least become aware that there is something funny going on.

    Some other vendors hide a restrictive license ("if you look at this, we own stuff you do with it") somewhere in the documentation or behind a "Read This License" link, but people who look at the documentation never notice.
  • by brennz (715237) on Wednesday June 14, 2006 @08:40AM (#15531333)
    I like Theo. The more of his statements I read, the more I appreciate his no compromise, take no prisoners approach.

    50 personal questions sounds way beyond overkill. I've downloaded plenty of export controlled software, with merely a few questions.

    My guess is, Hifn like many other companies, gives everything to their sales folks, or worse, resells it. Can you blame Theo for taking offense, when they want 50 personal questions answered?

    BTW, is this the signup? http://extranet.hifn.com/home/anonymous/?workflow= signupapp [hifn.com] or just part of it? That part about the NDA bothers me.....
  • by hotspotbloc (767418) on Wednesday June 14, 2006 @08:48AM (#15531367) Homepage Journal
    Does anyone know what they were besides what's on the first sign up page?
  • ... and lately the only OS focussing on fais seems to be openBSD. Thanks for fighting for OUR long term freedom again Theo.(Also a thank you to RMS). The one PC I have left at home runs OpenBSD and i BUY every new release.

    Kudos to Theo and the openBSD team

    J.

  • This is so the sales department can have an easy time pushing product. I'll bet anyone who signs up gets a call from the Hifn sales-droids within a week after they download the datasheet, if not before they grant access.
    • Or just spammed relentlessly. I opted to download a beta of SUSE and I still get "gee whiz you could be a SLES admin too!" spam from Novell to this day. Even though I distinctly remember checking the "fuck off, no spam please" option.

      The problem is sales/marketting people rarely understand their product let alone the culture it targets.

      You don't see many Windows people really clamouring over crypto accelerators. It's usually something that is custom and the people buying it are technically inclined. At
  • Sign up (Score:2, Insightful)

    It seems from the general tone of comments that nobody has actually signed and looked at this site. First, an earlier poster was correct in saying that there are much fewer questions than 50; and your email is verified (no different from many other companies and sites).

    I have signed up, the confirmation arrived within seconds and on the welcome is a message it may take several hours for a sysadmin to allow access - but no, I'm downloading PDF's straight away so it must be automated.

    It's just marketing; but

  • It would be great if the Linux crowd would do stuff like this too.
  • by herodiade42 (974875) on Wednesday June 14, 2006 @09:27AM (#15531590)
    Such kernels developers feedback are very precious and insightful for us, customers. It's not only a matter of freedom an principles, it's about quality.

    Be sure that - whatever the OS you use, being Linux, OpenBSD or FreeBSD -, when a vendor behaves that bad and is so reluctant in providing open access to documentation, you won't have a good driver nor a good support.

    Those vendors behaviours are usually symptoms of a "closed" attitude, secrecy centerd, so even when we accept NDA, we can't expect them to disclose the whole needed informations (like, say, all firmwares versions bugs that needs a workaround in drivers level, know bad behaviour of their chipsets etc). This attitude will also discourage some knowledgeable developers to help to improve the driver, to fix bugs etc. Requiring NDA will prevent OSS kernel developers to share sensitive informations regarding their experience with the device (between OS, and even sometime inside the same kernel dev team).

    So for now, if you need a stable encryption accelerator device, consider choosing an other vendor. Look out for Via C3, or SafeNet (and even some Broadcom) chipsets: those vendors plays the game well, don't seat on their customers (we) and the developers needs. They don't even hide behind a "U.S. export laws restrictions" argument, and didn't faced trials, proving the hypocrisy of HiFn assertions.
  • We cannot support anonymous FTP or http downloads. The reason for this is that we are required by the conditions of our US export licenses to know who and where our customers are. Theo did'nt address this directly, except by complaining that he did not like the fact he believes they would give over personal information to the U.S. government. If it's the law then the company has no choice. Screaming at the company because they refuse to ignore the law is futile.
  • by Pig Hogger (10379) <`pig.hogger' `at' `gmail.com'> on Wednesday June 14, 2006 @10:14AM (#15531875) Journal
    Bah!

    Just give bogus information.

    Everybody does! [brandrepublic.com]

  • by Tweekster (949766) on Wednesday June 14, 2006 @10:38AM (#15532069)
    in a form that will be made public. They need a PR person.

    He is right in principal in many cases, however he has absolutely no talent when it comes to voicing that principal. OpenBSD seriously need a PR person that knows how to deal with actual people, you know with a hint of tact, cause he doesnt have any whatsoever.
  • Thanks, but no. (Score:5, Insightful)

    by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Wednesday June 14, 2006 @10:46AM (#15532120) Homepage Journal
    From the email:
    Hifn reserves the right to keep our source code proprietary.

    Fair enough, Hank. But I reserve the right to not use proprietary crypto code in sensitive applications - which are the only ones that I'd actually buy hardware acceleration for in the first place.

    Let's get this straight: there's a world of difference between closed video card drivers and closed crypto drivers. Many of us are squeamish about about the former, so why would you think we'd cheerfully accept the latter? A closed source video driver could potentially crash my non-networked game machine. A closed source encryption accelerator cold potentially open my VPN server to the whole world.

    I hope you can appreciate the community's position here, but whether you agree with it or not is immaterial. Should you change your opinion to better mesh with that of your would-be customers, please let us know. Many of us would like to buy your products if they become usable for our applications.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...