OpenBSD Project in Financial Danger 610
DieNadel writes "In an entry to the OpenBSD Journal, Marco, from the OpenBSD project, warns about the somewhat disturbing financial situation in which they are now. The OpenBSD team is the one that also develops the OpenSSH suite, used nowadays almost everywhere. From the entry: 'What I want to point out what a lot of people don't seem to realize is that OpenSSH development is paid from the same pool of money as OpenBSD. OpenSSH is in use by millions around the world however the revenue stream just simply isn't there. This is where other projects could help. Without naming entities or projects by name there are others out there that are sitting on some cash. It would be wonderful if these entities could share some of the wealth to keep us going.'"
Mojirra (Score:1, Insightful)
Pro tip: He's talking about Mozilla.
Sorry, Theo (Score:2, Insightful)
Maybe people are deciding you're just too much of a douche to put up with.
I'm sure if you run out of money and cant work on openssh anymore that someone with the time and resources will pick up the ball and run with it. Such is the nature of OSS.
Love,
the Free Software Community.
Seperate the openBSD & openSSH projects? (Score:5, Insightful)
These companies however would not want to give to an operating system project that competes with them.
Maybe the openBSD & openSSH projects should seperate?
Does it matter? (Score:2, Insightful)
Consider going GPL? (Score:4, Insightful)
Re:Sad (Score:5, Insightful)
You?
OpenBSD offended their sugardaddy (Score:3, Insightful)
OpenBSD is a vital project that is lead by an amateur. OpenBSD had a sugardaddy [computerworld.com] in Darpa, but apparently offended them with negative comments. My question, who does he think will be most interested in his super secure OS?
Open Source Funding... (Score:5, Insightful)
There are some great and very useful OSS projects, but I don't make a living that way. My money comes off closed source/proprietary software - on the hugely popular closed platform. It's already hard enough making a living this way, I can't imagine how "easier" it would be if I gave the app away with the source code and let people fork it. I have enough money now to retire at 30, put my kids thru university, etc. Had I gone the open source way, I don't think this would be true.
It's just like websites and newspapers lately. Besides some advertizing (that we block in any way we can like using AdBlock), there just isn't much of a revenue stream. Nobody's really figured it out yet... Yet there are so many bright folks who've been scratching their heads for a while. This could be the 2nd "dotcom" crash - money has to come from somewhere to fund all this.
Sorry, wrong answer (Score:3, Insightful)
"It would be wonderful if these entities could share some of the wealth to keep us going."
Wow, that's a weak response. It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money. And it makes F/OSS groups look like the business-challenged hippies that some people think they are.
If you are going to have an OpenBSD organization, then that means that part of your job is raising funds to keep yourself a going concern. Let me repeat: your job is no longer just to write code, but to bring cash in the door so that you can continue to get paid. If you are building products that world + dog are using, then that should be pretty easy. If you are not capable of raising funds, then you need to find someone who is good at it to help you out. There are plenty of those people out there - any semi-competent second-year marketing student should be able to significantly increase their funding channels over what they have now.
I'm sorry but I just don't think you can say, "hey, other open source organizations have done a good job working with the public and the press, and they raised funding, so why can't we have it?" It just hacks me off when programmers complain about the business-types at an organization, then discover it's actually harder than they think. And in this case they have taken the additional step of not trying to remedy the problem, but actually glomming off other groups that have maintained done great work with fundraising and marketing their products.
I have supported OpenBSD myself in the past by buying install discs and T-shirts. I think OpenBSD is a fantastic OS and I will contribute my few bucks here and there to keep them going. But if OpenBSD's answer to their money problems is not to fix their own house but rather to ask others to fork over - it probably means they'll just get in this same hole again later! I think they need to have a better answer to this question if my support (or anyone else's) isn't just going to be money down the drain.
Re:Sad (Score:1, Insightful)
We are always worried about #1. Take your average workplace. If everyone is pulling their weight, people do their job. If one person slacks off and gets away with it, the rest of the staff immediately drops to the level of the slacker. The mindset is "If HE can get away with murder and still get paid, I can do the same thing" Never mind that we are still getting paid by our employer... we feel some snse of entitlement when one person is getting off scot free.
Now, return to OSS. Companies who use OSS don't donate. They see it as throwing money away. People don't contribute to OSS respositories at nearly the rate they use it. And people hardly ever donate money either.
Bottom line: OSS is a wonderful idea... like communism. You will find pockets where it works. But overall it falls on its face.
Re:Consider going GPL? (Score:1, Insightful)
Switching would also be in violation of the rights of those who contributed code under the assumption of BSD; switching thus isn't legally viable.
The GPL isn't free software - it's communal software as in communistic communes or hippie communes.
The BSD style license enables true freedom for authors and users alike. Freedom to fork. Freedom to contribute. Freedome to use.
The GPL is so complicated how many of you have actually taken the time to read it? It bases is communistic society on rules that restrict your freedom by putting limits on what you can and can't do with it. For example, you are not free to develop with it and sell your modified versions without contributing your source code back to the commune. That's not freedom. That's communism.
Be FREE, Be BSD (or equlivant).
Re:Seperate the openBSD & openSSH projects? (Score:4, Insightful)
Maybe the openBSD & openSSH projects should seperate?
This is exactly the first thing I thought when I read this story. It sounds like the developers are yelling: "OH NOES, OPENSSH IS DYING, WE NEED MONEY!!!!11", and then honest people, who want to support openssh, ask "How can I support OpenSSH?". The answer given is "Give money to OpenBSD."
To me, that's unacceptable. It's classic bait-and-switch. I use OpenSSH every day of my life and if you count scripts and cronjobs, probably every hour of my life. But I could give a shit about OpenBSD. So, while I'd be willing to help OpenSSH out, I want to know that my money is being spent on OpenSSH. I don't want the overhead going to OpenBSD. There, I admit it - I expect something in return for the money I donate - it's my money so sue me.
You want to get support for OpenSSH? Fork off the legal entity and make an OpenSSH foundation which can accept donations directly. We're not going to solve your OpenBSD problems for you, though.
~Will
the flip side to all this (Score:5, Insightful)
What happens in six months when OpenSSH is no longer actively supported by the team that created it and a new exploit is discovered/released? What responsible IT manager is going to let his employer get into the potential problem in the first place?
I say, rather than begging for donations, the OpenBSD team needs to get their act together and find a way to keep the lights on, or they're going to see fewer and fewer people trusting the use of their software in large corporate environments. If that means the leader of the team needs to keep his mouth shut about his anti-war views when he's depending on a grant from the US Defense Department to keep his operation going, then that's what he needs to do. Being an adult means doing things you don't neccessarily want to do, like eating your peas and broccoli.
Re:How you can help (Score:2, Insightful)
In order words, we're discovering that handing out quality products and begging for money in return doesn't work. Is anybody really surprised?
When was the last time YOU gave money to OpenBSD?
When I bought OpenBSD 3.2 and it took them 4 months to ship it to me, and it arrived in broken jewel cases and the source CD was scratched beyond readability. That's why they aren't getting any more money out of me.
You can help by getting off your rear and writing to your congressman [house.gov] or senator [senate.gov]. Tell them that critical free software is important to you. Tell them that you appreciate the work being done by the OpenBSD and GNU teams to support you with the software you need in your life but that if cheapskates keep refusing to contribute to the projects, ensuring people like Theo are not forced to hold down proper jobs, you will be forced to use less and less secure and intelligently designed alternatives. Explain the concerns you have about freedom, openness, and choice, and how a lack of money for Free Software harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on funding Free Software.
Are you kidding? You want me to encourage my congressman to publically fund open source software? You want the state to get involved in software development? Because you do you realize that the government doesn't just write blank checks. Not even Halliburton gets a blank check, there's strings attached to all this shit. Do you really, seriously think it's a good idea to turn open source software funding over to the government? Because you know what's goign to happen. We get fat sucking off the public teat and when the government wishes to change something in how that software works because our reps are getting lobbied by the RIAA, they threaten to cut that funding out unless we incorporate (or don't incorporate, or stop development on) some specific feature or package that a lobbyist finds to be inconvenient. Like p2p technology.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Remember, it was thanks to ordinary people like YOU that we are now seeing such innovations as SMP in OpenBSD. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
No, sir, you can shove your socialized software up your ass. I want my government staying as far away from OSS as possible.
Re:Someone has to say it (Score:4, Insightful)
I don't think I'd describe Theo as particularly arrogant. When I've seen or read interviews with him (there was a particularly good one in the Sydney Morning Herald a while back that Google can probably help you find), he's seemed like a reasonable and rational individual. He occasionally flames people on the developer mailing list, but I don't really see how that affects you as a user.
Re:Do what you can. (Score:4, Insightful)
Donation Drive + Free & Open (Score:2, Insightful)
OpenBSD needs to open up it's OS distribution so that people can download and bit torrent OpenBSD ISO disks. OpenBSD needs to be a little easier to install. By taking these steps more people will find out about the project and use it and it will be easier for them to install.
For example, I know someone who switched from OpenBSD to FreeBSD simple due to the ease of installing FreeBSD.
Theo, open up OpenBSD distribution and get with it, have a donation drive: 100k per year sounds like a good goal. But if the software is hard to get then people simply won't use it.
Re:order an OpenBSD CD (Score:3, Insightful)
It obviously, and unsurprisingly, isn't working for them. They should work on finding other ways to raise money.
Re:Do what you can. (Score:1, Insightful)
Re:Sorry, wrong answer (Score:5, Insightful)
What are you talking about? Let's look at that quote in full:
It seems to me that he's talking about businesses such as RedHat, who include OpenSSH in their products, not random open-source projects.
And if you were keener on reading the article than flaming, you would see that they had a working revenue stream in the form of selling CDs, but that people were moving away from it in preference to obtaining it for free.
The demand isn't any less, they aren't losing any users, they are just having to deal with people less willing to spend money when they can get something for free. It seems very reasonable to hint - without naming names - that the businesses who base their products on OpenBSD's work should contribute a bit. It's in their own best interests even.
Re:OpenBSD offended their sugardaddy (Score:3, Insightful)
So you think that because an open source project has received some US government funding that the high profile members of such projects should voluntarily gag themselves in order to please their sugardaddy?
You do realize that "the government" is not some monolithic inhuman machine, right? If I'm giving money to someone who mouths off about how I'm "sickening" him, I'm probably going to get tired of it. It's not about "gagging" themselves, it's about wanting a bit of simple courtesy. Not to mention holding a hypocrite responsible. If he doesn't the like the source of the money, then he shouldn't accept it. If de Raadt's anti-war comments were indeed the reason that the funding was pulled, shouldn't you look to blame DARPA for being amateurish/childish and not de Raadt for simple speaking his mind?
Guess what? Free speech does not mean you are free of responsibility. No one said The Rat couldn't say whatever the hell he wanted. But that doesn't mean that the *people* he's insulting have to work with the a-hole.
Re:Sorry, wrong answer (Score:3, Insightful)
Wow, that's a weak response. It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money. And it makes F/OSS groups look like the business-challenged hippies that some people think they are.
Man this is astute. The problem as I see it is that OpenBSD relied on a revenue generating source (people buying CDs) that was a dead end. Go back, say, 2 years ago and yes, I can see someone buying a CD because they don't want to keep their dialup connection tied up for 24 hours to download one CD. I have plenty of friends and relatives who I thought would never, ever get broadband internet who have indeed gotten broadband internet in the past year. When you have DSL or cable modem, why should you pay OpenBSD for the CDs when you download everything you need in, I don't know, say 10-15 minutes and get instant FREE gratification? Any business model they have that relies on people buying CDs from them is doomed to fail.
Re:Seperate the openBSD & openSSH projects? (Score:2, Insightful)
Yes, those OpenBSD guys are the typical evil marketing geniuses, just sucking you in with one thing and then trying to sell you something else. Damn them and their not-for-profit, giving all their software away, could use some donations please to continue their work ways.
Oh the nerve!
Re:Sad (Score:2, Insightful)
What sort of reality-distortion field are you in that it looks like Linux, GNU, FreeBSD, Mozilla, and OpenOffice are mere "pockets" of success and OpenBSD's perennial financial trouble is the "overall" situation?
Re:Sad (Score:3, Insightful)
The reason this is happening to OpenBSD isn't because they're relying on donations and support money...It's because many of the prominent members of their community have alienated those who would otherwise be willing to shell out cash. Bad salesmanship will kill businesses and organizations alike.
Their biggest problem... (Score:5, Insightful)
When the U.S. DoD was funding them, the disbursements were handled thru a University or some such.
They need to grow up as an organization. Find a sympathetic accountant to donate his time/effort to establish a tax-free (and tax deductable) non-profit in Canada and an arm in the U.S. Hell, maybe one in the EU and one down under as well.
This will make them infinitely more appealing to corporations who have deep pockets and MAJOR qualms about writing big checks out to individuals.
-Charles
Re:I gave OpenBSD a chance (Score:2, Insightful)
1. donated $40 (or whatever the cd sets cost at the time)
2. installed via ftp
you would have been done much faster and the project would have gotten more $$ for the same $$ out of your pocket
Re:Do what you can. (Score:3, Insightful)
Re:Slashdot Editors:Please add this link to the st (Score:3, Insightful)
Anyway I wish him luck and hope he gets organized. He really needs to establish a real non-profit and get someone with real fundraising experience working for him. Without that I'm surprised it lasted this long. IMHO giving him a few donations in order to keep the project running without him deciding to make major organizational chages is just delying the inevitable. I sincerely wish him the best of luck.
Re:Nice of Maddog -- but this is one for Google (Score:5, Insightful)
what openbsd needs, and what the article is highlighting, are the big companies who use openssh to kick in a few bucks
cisco uses it in their kit. soes does hp. ibm is another. do you think that between the three, they can't come up with say, $75k/year?
~a year ago, a friend of mine consulted at a company that was reworking their entire network. they ended up spending well over $30k on kit. they chose cisco *because* they had ssh (openssh btw) on their kit at the time. the other vendors they had did not
Re:Seperate the openBSD & openSSH projects? (Score:5, Insightful)
Same argument, only taxes aren't voluntary. This is.
(Don't forget that the money you might give only to the OpenSSH project would go towards ensuring it works on about a dozen hardware platforms. I suppose you'd prefer that such money go only to OpenSSH/i386, because that's all you think you use?)
flush master (Score:5, Insightful)
If eighty cents of every dollar I spend supporting OpenSSH gets flushed down the OpenBSD toilet, is that a good use of my contribution?
The cluelessness of this post defies belief.
I want to support this OpenFoil airplane wing because it supports me. However, if eighty cents of every dollar I spend supporting OpenFoil is vented through the OpenBlow high-test wind tunnel, is that a good use of my contributions?
NX protection, Pro-police, and priv-sep are all products of the two efforts coordinated together. Almost every dime OpenBSD spends is spent in the pursuit of enhancing security, and it's to imagine that those results are not immediately folded back into OpenSSH. Unlike FreeBSD, OpenBSD spends shockingly little on the OS itself. They aren't busy inventing disk geometry managers or porting to 150 different platforms.
90% of human stupidity originates in the capacity of the human mind to engage in intellectual shell games. Here is this dollar: let's split it up in to the 80 cents wasted on OpenBSD and the 20 cents invested in OpenSSH.
Or, my brother is dying of Leukemia. I want to donate blood because blood keeps him alive. Is that a good investment if 80% of the blood I donate is flushed down the toilet to replace blood lost during bone marrow transplants?
Almost too dumb to live, really.
Re:Sorry, Theo (Score:3, Insightful)
the Free Software Community. Ummm, are you the entire free software community?
Re:How you can help (Score:5, Insightful)
Just say no to TCP/IP, BSD UNIX, WWW, the Internet, FTP, and many algorithms used for smp systems and servers.
If it were not for uncle sam you would be paying $50 a month for AOL or CompUserve on a dialup modem with no interent nor innovation.
The government is not that evil in doing things like setting standards and funding research that private industry can't do because of their need to generate profits.
I have no problem with academia sponsoring OpenBSD because it will help everyone including business and personal use. OpenSSH is the result of free software and so is the web and apache.
Its not that evil folks and the government is not always bad. Sometimes its needed because the industry can't help itself.
Re:Do what you can. (Score:5, Insightful)
Also, I just sent a donation to OpenBSD via paypal. Even if I don't think of Theo as the greatest guy in the OSS world, the project is very important to keep alive, and not just for the OpenSSH portion. The OpenBSD group has made a public plea for support and I'm dissapointed to see something along the lines of "needing money, huh, hehehehe then just suffer bitches..." from many posts here.
I'm sure that talented people with a little spare time will read those kinds of posts and be glad to spend a year or two writing something cool and useful for you. With these attitudes, they may get what they are really begging for; a computer running microsoft software because developers got tired of people not stopping at mere indifference towards the projects, but happily extending into ridicule. What a grateful bunch we must seem to be.
OpenSSL/OpenSSH is important! (Score:2, Insightful)
Re:Are many people really using OpenBSD? (Score:3, Insightful)
First, there's a good amount of production servers running OpenBSD. I happen to be the developer of an OpenBSD-based firewall, and the things are running rock solid. The only failures we've had in 5 years are hardware-related. One of the firewalls sits in front of our developer network and has by far the best uptime of anything in the company, including several so-called high-availability systems.
More importantly, only a fraction of the OpenBSD development efforts have moved into other systems, and then often incomplete or much later. I don't wanna start a W^X vs. other methods discussion here, but if you've ever seen a presentation where Theo or one of the other core dudes explained just what is really new under the hood in the latest release, you'd be quite surprised. There's a lot of actual research and development going on in OpenBSD.
Re:Seperate the openBSD & openSSH projects? (Score:3, Insightful)
This is called a valid point. Contribution would support the continued marriage of OpenBSD and OpenSSH, which does not need to exist. I understand.
OpenSSH would not have existed (in its current form) without OpenBSD. OpenBSD continues to provide a solid theoretical and practical framework for OpenSSH. I see nothing productive about a divorce, outside of serving the DeRaat-hating egos. If you are adamant enough, write a check directly to Tatu Ylönen.
Unfortunately, I believe you are simply posting to make noise.
Re:Consider going GPL? (Score:3, Insightful)
This is the dumbest line of thought that I continually hear. If you're going to try and distill your argument to fundamentals, you've got to make sure your argument makes sense in the first place.
Do you think we would be more free if there were no laws? Sure, we would be free to do some things which the law currently prevents us from doing, but do you think you'd have the freedom to walk to the end of the street without getting mugged at knifepoint?
Or as it as been put more concisely: "Without rules, we have no freedom."
Re:Consider going GPL? (Score:3, Insightful)
They are when you miss the point that badly. You claim changing the license on a project other people have contributed to would be unethical. And yet you prefer BSD to GPL because...it allowes you to change the license on a project other people have contributed to?
While others can distirbute their enhancements under modified terms the original authors code remains under BSD terms regardless of the actions of others. This power comes from Copyright law.
Sure, openssh 4.2p1 is and always will be BSD. But there's no reason on earth Theo can't simply announce that official releases from the Openssh project will now be GPL. They have the right to distribute all the code they currently have under GPL - the BSD license allows you to do this - and they could also add code from other GPL projects, which would be useful. New submissions could either be BSD or GPL licensed. Anyone who wanted it to stay BSD could fork the last BSD-licensed version, like with the xorg fork of xfree86 (which forked the first beta of 4.4 because the license changed happened with the second beta, at least iirc)
While the GPL provides a few "freedoms" it does so at a tremendous expense: the authors rights using the mechanisms of many restrictions; this is what many, including I, object to.
What restrictions? There are restrictions on the terms under which you can redistribute. That is all.
BSD style licensed projects have been very successful with no anarchy present and notably with no need to enforce people's natural desire to contribute with rules as the GPL does.
They have. On the other hand, they have also meant e.g. Apple has a superior OS to anything in the free software world, because they can take anything they want from the BSDs, add their own stuff to it, and no-one else is able to use the stuff they've added. There are plenty of generous people, but there are also people and businesses who are not generous - and those are more of a threat, and more to be concerned about.
At the expense of the original authors, thus the GPL compromises (in the dark sense) the rights of the original authors.
How? The original author has all the rights they would, and can relicense under any terms they choose - look at trolltech, mysql, or plenty of others. The only people whose rights it restricts are the redistributors. Yes, GPL puts the rights of the user above the rights of the redistributor they bought the software from. I think this is the right way around for things to be.
You made my point for me - you give up your rights with the GPL. With a GPL'd licensed program you are not free to add your own code and distribute it without also giving your modifications.
But this isn't the author giving up the rights, this is someone else, and the only rights they lose are some of distribution. With BSD it is the author who gives up rights - someone else can take your code, change it, or just pretend to even, distribute the binaries around, even back to you, but not let you see what's happened with your code. And it is the users of this redistributed version who lose rights. GPL gives rights to the author, and it gives rights to the end user - the only people who don't have as many rights are the middlemen.
You may sell a warranteed version of a BSD program if you so choose. However it's you making the warrantee and not the original authors. They'd allowed you and others to freely use the code without any warrantee. If you sell it with a warrantee then you are taking on that legal obligation. Could be risky. Could be lucrative. Good luck in that business.
That's certainly the situation with the GPL - but it explicitly states that you can sell it with warranty protection. The BSD says you have to include their disclaimer of warranty on any redistributed version, and doesn't say anything about selling your own warranty for it. It's probably ok, but it's certainly less clear - which is the price of its brevity. A lot of the length of the GPL is from being clear about things.
Re:Seperate the openBSD & openSSH projects? (Score:3, Insightful)
Sorry, but it seemed a reasonable analogy to respond to an apparently unreasonable person. Your comment made you sound like a heartless greedy bastard, and evidently I was not the only person to read it that way. If that is not the impression you meant to give, you might want to take it up with your ghostwriter.
On a much more civil note, please remember that the project linkage you call wagging the dog exists for historical reasons: OpenBSD developers wanted a free version of SSH, so they made one. Then they gave it away. That same developer pool still maintains it, because the OpenBSD project requires a free and highly correct implementation of SSH and they think they are maintaining a better one than anyone else is. I'm sure they're delighted that world+dog uses their tool, but that's ancillary to what they're interested in doing. It's not really a separate project, it's just part of the toolkit OpenBSD develops for its own use and gives away freely.
(Also, don't forget that OpenSSH profits from being developed on and by OpenBSD. Their coding and auditing practices with an eye towards correctness and security make it a very reliable tool.)
Of course, you still may not like this. That's fair enough. But I seriously doubt they'll alter their practices to suit you... especially since you didn't ask nicely or say please.
So you have some choices: Stand aside and let other people donate to support OpenBSD and its child project OpenSSH, overcome your objection and donate to them knowing that much of your donation will go towards other projects, or do it your own damn self.
It's BSD licensed code, after all. If you don't like the way they're handling the business, just grab the source and arrange to maintain it yourself. Or start a foundation, or a for-profit, whatever. It's free code.
If, like me, you lack the interest, time, and expertise necessary to do this, then I'd suggest that you stick with one of the first two options. And if, as you said, you use and appreciate OpenSSH, then I'd suggest that the second option is more likely to achieve the results you want.
(Incidentally, the article quoted marco out of context. He mentioned OpenSSH as part of a pitch for OpenBSD donations, not the other way around. See the whole thing here. [undeadly.org])
Re:Seperate the openBSD & openSSH projects? (Score:5, Insightful)
In which case, OpenBSD is helping you. OpenBSD's new safer malloc()/free() implementation found security bugs in x.org recently.
Same goes for most things that end up as part of OpenBSD - the stricter environment of OpenBSD shakes out bugs and the entire community benefits, not just OpenBSD users.
OpenBSD benefits far more than its immediate userbase.
Re:OpenBSD offended their sugardaddy (Score:3, Insightful)
It's called civility, and it's called that because it's what keeps civilization going.
He's welcome to have his opinion, and even to state it anywhere he likes-- Canadians have as much free speech as anyone-- but he should have kept his mouth shut and just grinned and bore it, like anyone else would have done. Because he didn't, now he's begging for scraps on Slashdot.
Re:Their biggest problem... (Score:3, Insightful)
"There is zero tracability and zero accountability."
Funny because there is exactly that on the side of the people/organizations using OpenBSD/OpenSSH, you can get it for free, use it, sell it, etc and not even have to distribute source code or anything. The funny thing is business not trusting Theo with their money, but trusting his project with their critical infrastructure.