Theo de Raadt Discusses OpenBSD and Beyond

emil writes to tell us that NewsForge (Slashdot Sister Site) is running an interview with OpenBSD project leader Theo de Raadt. In the interview Theo explores the upcoming release of OpenBSD 3.9, continuing financial difficulties, and some of the tension between the OpenBSD team and other businesses that some feel are taking advantage of the free software without giving anything back. In related news the Jem Report has an interesting writeup that expounds on widespread difficulties that could be faced if the OpenBSD project continues its downward spiral because of their parallel development of OpenSSH.

You doity raht

[The Famous Brett Wat (12688)]

Is it just me, or does anyone else always feel the urge to pronounce "Theo de Raadt" as "Theo da Rat" with a mafia godfather style accent?

It's not just openSSH

[Theatetus (521747)]

If you're a Linux user and you like your madwifi driver, you can thank the OBSD ath driver. Also if you ever want a RALink driver, OpenBSD is the only OS that has one right now and it seems almost certain any ports will be based off it. Anonymous CVS? Theo came up with it after NetBSD kicked him off the commit list. Randomized mmap, stack protection ... there's a lot of development being taken from openbsd. We've all got an interest here.

... and licenses

[John Whorfin (19968)]

A while back -- pre-SCO -- OpenBSD did a "license audit". I don't have the list in front of me but a sizable number of reasonably well-known open source projects had questionable licences. Theo really did ask nicely and got most of them changed.

TCP Wrappers IIRC was one of them, pppd another (again IIRC).

Like Theo or hate him, he's done more for the Open Source community than just piss people off.

Folks are completly missing the point...

[John Whorfin (19968)]

It's not that the Foo Corp is using OpenSSH w/o paying Theo or the OpenBSD/OpenSSH crowd. No one (including Theo) has a problem with that.

It's that some companies *cough*Sun*cough* make all kinds of noises about being "open" and "supporting open source" and market the crap out of it purely because it's the latest buzzword, when in reality they just don't give a shit.

That's what gets to Theo... and others.

Anti-Theo sentiments are muddying the point here

[twigles (756194)]

Theo may be a jerk, but that's not the point here. The OpenBSD team does great work that gets ported to other platforms or just flat out embedded, but no one wants to lend a hand. This interview did not strike me as whiney or greedy; Theo never came across as wanting to get rich, with his grand aspirations of paying travel expenses for poor developers.

His request is very reasonable - everyone is benefitting, and those who are in a position to give a little back should do so. He didn't say fund the project, he said contribute a little. Jeez, anything really.

This whole Slashdot anti-Theo movement is lame, it's like watching jocks push the nerdy quiet kid around in high school, which is a bit ironic considering that many of us *were* those nerdy quiet kids. Stop trying to be part of the "in" crowd by bashing this guy and read the article with an objective eye.

Absolutely

[theolein (316044)]

This whole Slashdot anti-Theo movement is lame

I agree wholeheartedly.

-Theo

Pony up

[Graabein (96715)]

An OpenBSD CD set is $49. If you've ever used OpenSSH or x.org X11 (read the article), you've already got your money's worth. In addition, chances are that somewhere in your organization (or at your house?!?) there's an OpenBSD-based firewall happily chugging away with PF and CARP.

So cut the anti-BSD crap and get over Theo's personality for like 10 seconds and pony up. Some day you'll be glad you did. If for no other reason, do it in your own best interest.

It's not about code but MONEY

[paugq (443696)]

What's so difficult to understand for those GPL zealots out there?

Theo is NOT talking about code. He couldn't care less about the code!

He's talking about MONEY. OpenBSD and OpenSSH need money to pay Theo's (and other's) income, bandwidth, servers, etc. How does the GPL help when you need money? It does NOT help!

Re:Hmm...

[dtfinch (661405)]

I'm pretty sure he's heard of it. While they do appreciate source code contributions, what they're really asking now for is money.

Re:Hmm...

[AHumbleOpinion (546848)]

...that some feel are taking advantage of the free software without giving anything back.

Damn. I wonder if there was anything they could have done about that?

No there wasn't, BSD as in Berkeley Software Distribution, as in University of California Berkeley, as in "Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved.", as in paid for by California taxpayers including corporations and individuals who should not be denied access to what they paid for.

BTW, you shouldn't confuse BSD with a very talented but potentially mismanaged team that has a tendency to piss off lucrative sources of income.

Re:BSD vs GPL is not relevant

[IgnoramusMaximus (692000)]

BSD vs GPL is not relevant. Theo's bed was made by driving away potential sources of income like DARPA.

Yes it is, as a part of a very long list of good advice he received over the years on a lot of things, and all of which he proceeded to sneer and snicker on, as only Theo can. DARPA's help is just one item on that very, very long list.

Re:Hmm...

[arivanov (12034)]

Not really applicable.

They started with a fork of the NetBSD codebase and maintained compatibility for a long while. Many drivers in the Net/OpenBSD tree used to be ifdef-ed for specific OS related parts. In fact one of the reason for OpenBSD to survive for so long especially on obscure architectures has been the fact that it used to rely heavily on Net for low level hardware specific code (disclaimer - I do not know if this is still the case as I have not looked at their source since 3.3).

As a result GPL-ing is not an option. Your codebase is heavily dependant on somebody's else's codebase which is BSD.

As far as the financial difficulties, all business and businesslike entities using GPL rely on support, custom code and consulting for their day to day living expenses. You do not get that money if you have this attitude:
http://www.securityfocus.com/archive/1/428749/30/9 0/threaded [securityfocus.com]. This is just one fresh example (this week).

Another essential factor is that if you write software in the real world you have to go out of your ivory tower on a daily basis and check what your competitors doing. OpenBSD tends to believe its own PR about their security prowess and does not follow Linux, FreeBSD and other OS development as much as it should. One example for this is how it missed the appearance of hardware RNG in AMD hardware for several years. They simply did not know it is there (I actually pointed it to Theo myself a year ago). I bet that they have missed other stuff in a similar fashion as well.

Frankly, the days when Open Source OS projects were PFY jobs and flaming each other out of existence on mailing lists was business as usual are long gone.

Time to grow up or face the dark stairway down down and down towards oblivion.

Well,

[Joseph_Daniel_Zukige (807773)]

I have thought along similar lines, but it really demonstrates something that we must quit ignoring.

"Free" is an illusion.

When we use "free" software, we pay for it one way or another. Time or money, and, no, time is not money.

Money is green stuff that you through around on the crops to make things grow, as somebody in some famous musical once said, quoting somebody else, I'm sure. When you collect too much money in one place, it goes fetid.

Time is the true currency, although too much time can go fetid as well.

The licenses are gentlemen's agreements. It's a trade of time for time, with rules of courtesy. (EULAs are _not_ gentlemen's agreements, I am not taking about those licenses, they don't deserve to be called licenses.) The licenses form the ground rules for the community that forms around the software. It's very much like the old guilds, although much more open in a very good way.

With the GPL, some of the rules of courtesy which are important for maintaining the infrastructure of the guild are explicit. We might assume that this is because Stallman is a cynic, or because he is a realist, but must people are still confused and think he is an idealist.

With the BSD license, the rules are implicit, derived from the external society, the (Christian, though not entirely uniquely so in the current view of history) principle of casting one's bread on the water. It is expected that the waters will bring the bread back, multiplied. And this is where things have broken down.

Even under the BSD license, the rules of giving back are natural laws, and are not suspended. Humans whose primary product are sales presentations have no idea that they have to give back or the resource will be depleted. Stallman recognized that, Theo has not yet.

People have to be reminded to be courteous, and that's why an idealist and general nice guy like Theo ends up making enemies. The license doesn't remind people, so he has to spend his energy reminding them.

Putting new source under GPL would be one solution, but, as is well known, it is not one that can really be considered yet. A new modified BSD that contains a non-binding reminder that the resources don't renew themselves may be what's in order right now.

Re:what a whiner

[Schraegstrichpunkt (931443)]

Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products.

What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.

That part wasn't written by Theo, as far as I can tell.

Re:what a whiner

[hhw (683423)]

Just because the BSD license doesn't force companies to give back, doesn't mean they can't do it anyway.

For a business that uses OpenBSD code, it would just make good business sense to support the project at a fraction of what it would cost to develop the same code in-house. It is ridiculous that Sun wouldn't even cover the travel expenses of an OpenBSD developer to go their conference, because the value of the developer's hours would have far exceeded such travel expenses. That's just simply bad business.

Let's Add Some Context Here

[Noksagt (69097)]

First, I think the OpenSSH question was baited. Even disregarding that, you excluded an insightful caveat from Theo's reply:

Of course we did not set out to create OpenSSH for the money -- we purposely made it completely free so that the "telnet infrastructure" of the 1980s would die. But it sure is sad that none of these companies return even a fraction of value in kind.

He acknowledges that not only was there no obligation for these companies to donate money, but that OpenSSH wasn't created to make money. I don't think it is unreasonable for him to ask for money, particularly when he has pointed out that some of the vendors selected OpenSSH after they were quoted high fees (multi-millions of USD) from the commercial SSH vendor.

OpenBSD has done good work & currently depends on receiving financial donations. Enlightened companies should notice that OpenBSD needs some funding right now & that it would be cheaper to fund them than to have to adopt the support and development of the OpenBSD products they use.

Re:what a whiner

[pherthyl (445706)]

Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.

What are you talking about? People use OpenSSH because it's by far the best out there. Nobody is locked into using it, the specs are open, anyone can code a replacement. It's just not easy to produce something of the same quality and security as OpenSSH. People are locked into Windows because of proprietary file formats and closed source applications; how is that in any way similar to OpenSSH?

But, like many celebrities, it's just never enough.

Sorry. CELEBRITIES? Hmm.. yeah sure, Theo is a celebrity. I'm sure he has paparazzi knocking on his door every day.

Sure Theo can be abrasive, but it's weird to see how gleefully people at the receiving end of his charity will attack him. It's always easy to be an armchair critic.

Re:what a whiner

[pherthyl (445706)]

If OpenSSH didn't exist, the ssh 1.3 source would probably have been picked up by GNU and we'd have free GnuSSH, without Theo's whining.

I'm sure you're right, it's not like we wouldn't have another SSH client, but would it be as good? The fact is that Theo and his team writes really good, really secure code. Someone who does security "for fun" is very rare and valuable. Most developers are quite naturally more interested in cool features than tedious code review.

Re:what a whiner

[lintux (125434)]

Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.

Actually, it isn't. You can also use LSH [lysator.liu.se] or Dropbear [ucc.asn.au], and for SSH clients there are even more alternatives (PuTTY is available for Linux, for example).

This article almost makes me consider using one of them...

Re:what a whiner

[cyberjessy (444290)]

What part of the BSD license does Theo not understand? Apple and SCO aren't "freeloaders", they are using the software under the intended license.
Furthermore, what makes Theo think that people want to run OpenSSH? At this point, it's as entrenched as Windows--nobody has a choice.

Dear friend, herein lies the indelible mark of your misunderstanding of the free software _Movement_, and will live on even after you are dead and gone.

The help he is asking is pocket change for the companies which use OpenSSH. For the work done in making it compatible with major projects of those companies. __If you read the article__ you will also note how IBM sends customer complaints to the OpenSSH team. And how Sun refused to pay for travel!

I find it painful.

Re:Sounds almost like a threat

[Valar (167606)]

No. It would be extortion if he were threatening to put security holes in SunSSH. He's just saying that without Sun's support, he can't be expected to analyze and warn them of bugs in their product. Or are you saying I have a legal requirement to disclose every bug I notice in every piece of software I use to the developer?

Re:Problem with BSD licencing

[Darby (84953)]

I've mentioned this in another post but be careful with words like "contributing". As California corporations and taxpayers companies like Apple and SCO paid for BSD's development. Apple have every moral and ethical right to use it.

They paid for ancient BSD development. However after the court cases were over, that went away.
They have every *legal* right to use it.
They have an ethical responsibility to contribute but this is in no way required.
Morality is individual, so were you talking about a person it would be their choice as to what their morality is. As you're discussing corporations, they inherently and as required by law are entirely amoral.

This is certainly about as clear a demonstration as you can find of the difference between the BSD license and the GPL, but other than that, which wasn't explicitly in there, there really isn't anything to your post.

Is Theo justified in calling the people who used his code without giving anything back asshats? Absolutely.
Can he force them to? Absolutely not.

That's the license he chose and he's well aware of the ramifications.

The thing to me that most sucks was that Stallman and the BSD folks basically made a bet on human nature.
The optomists are losing badly.

Re:I love OpenBSD

[Noksagt (69097)]

Does Google pay for Linux and Apache?

Google does submit patches to these projects and has sponsored interns and employees work on various open source projects.

Does Yahoo pay for FreeBSD

Yahoo! hosts the freebsd.org cluster. They pay bandwidth and power and most of the hardware. They even give hardware to developers and employ several coders for the project fulltime.

does Apple?

I don't know Apple's financial commitment. They do give code back. Furthermore, they have really forked FreeBSD, so aren't directly using all of the "upstream" support, maintenance, development, etc. of FreeBSD.

Re:Job interview question

[IgnoramusMaximus (692000)]

The exact reply to the question didn't really matter. The amount of time you think about it is what I look for.

Was it me, you would have found out that it takes only 0.3 seconds to have a horrible accident with your coffee spilling all over your lap. Applogies and all that, why, I am just such a horrible klutz!

Joking aside, but that sort of question would have me thanking you for the lovely opportunity to get interviewed by you, followed by a mental note not to ever do business with you, under any circumstances.

Has it ever occured to you that these types of smart-ass, self-congratulatory questions, main purpose of which is to show who is the smart alpha-dog in that interview room, are absolutely useless in ascertaining someone's workplace abilities? Oh, what am I talking about, if it had, you would not be asking that and all the other ridiculous "logic" puzzles I am sure you are inflicting on your poor hapless, victims ... err ... applicants.

Re:Fork it!

[merdaccia (695940)]

Then people wonder why de Raadt behaves the way he does. When I read this post, my first reaction was to send you to hell with enough bad language to put you in a first class seat. Maybe that's why de Raadt gets his stigma, by not taking a pause from his first reaction.

So you want to know that the money you give would go directly to support OpenSSH? According to de Raadt, there are six developers that focus on OpenSSH. These developers also work on other aspects of OpenBSD. What exactly do you want them to do? Divide your money between the six of them according to how many hours each works on OpenSSH? Do you want them to have separate network connections and hardware, and pay for it with your donation? How do you compensate the other OpenBSD developers when their ideas and contributions inevitably end up in the OpenSSH codebase?

The OpenBSD developers are a group of people working together. OpenSSH is the fruit of their work. The way to contribute directly to OpenSSH is to contribute funds to its developers. That's exactly what contributing to OpenBSD does, because the developers of OpenBSD and the developers of OpenSSH are one and the same.

So contrary to your second sentence, you have every interest in supporting OpenBSD. Saying otherwise is a disingenuous and pathetic attempt at justifying your reluctance to reward the people whose work you claim to respect.