Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×

OpenBSD Project in Financial Danger 610

DieNadel writes "In an entry to the OpenBSD Journal, Marco, from the OpenBSD project, warns about the somewhat disturbing financial situation in which they are now. The OpenBSD team is the one that also develops the OpenSSH suite, used nowadays almost everywhere. From the entry: 'What I want to point out what a lot of people don't seem to realize is that OpenSSH development is paid from the same pool of money as OpenBSD. OpenSSH is in use by millions around the world however the revenue stream just simply isn't there. This is where other projects could help. Without naming entities or projects by name there are others out there that are sitting on some cash. It would be wonderful if these entities could share some of the wealth to keep us going.'"
This discussion has been archived. No new comments can be posted.

OpenBSD Project in Financial Danger

Comments Filter:
  • by gregarican ( 694358 ) on Tuesday March 21, 2006 @12:15PM (#14964990) Homepage
    ...for Netcraft to weigh in on this one :-)
  • by r2q2 ( 50527 ) <zitterbewegung&gmail,com> on Tuesday March 21, 2006 @12:17PM (#14965008) Homepage
    This is really sad. I used to use openbsd and it is a great project. Very easy to install and a nice fast text based installer. Hopefully someone can pick up the slack and donate to this great project.
    • Re:Sad (Score:3, Interesting)

      by MikeFM ( 12491 )
      Do they have a page with info on how to donate? I don't use OpenBSD but I do use some of their other work so I'd be willing to toss in a few bucks here and there.
    • Re:Sad (Score:5, Insightful)

      by danielk1982 ( 868580 ) on Tuesday March 21, 2006 @12:26PM (#14965116)
      Hopefully someone can pick up the slack and donate to this great project.

      You?
    • Re:Sad (Score:4, Funny)

      by TedCheshireAcad ( 311748 ) <ted@fMENCKENc.rit.edu minus author> on Tuesday March 21, 2006 @01:02PM (#14965410) Homepage
      I am sure they will find the magical Open Source revenue stream somehow.
    • Re:Sad (Score:4, Funny)

      by B747SP ( 179471 ) <slashdot@selfabusedelephant.com> on Tuesday March 21, 2006 @01:52PM (#14965929)
      > Hopefully someone can pick up the slack and donate to this great project.

      Yeah, someone ought to do something about that

      (Note to Americans with mod points: that's sarcasm, kthxs)
  • Sorry, Theo (Score:2, Insightful)

    by bellers ( 254327 )
    Dear Theo:

    Maybe people are deciding you're just too much of a douche to put up with.

    I'm sure if you run out of money and cant work on openssh anymore that someone with the time and resources will pick up the ball and run with it. Such is the nature of OSS.

    Love,

    the Free Software Community.
    • I'm sure if you run out of money and cant work on openssh anymore that someone with the time and resources will pick up the ball and run with it. Such is the nature of OSS.

      Wow. That sounds a lot like holding companies and vulture capitalists. I thought we were all trying to get away from that horseshit.
    • It really is true. While it may be a good project, Theo is an absolute ass. I graduated from the same school as him (U of C) and they're still telling stories about how much an ass he was while he was there.

      I really hope OpenBSD doesn't die, because despite Theo the project obviously still has a lot of merit.

      But, having said that, it doesn't surprise me one bit to hear that it's in trouble... and the reason is completely self explanitory: Theo de Raadt.
    • Re:Sorry, Theo (Score:3, Insightful)

      by miscz ( 888242 )
      Love,

      the Free Software Community.
      Ummm, are you the entire free software community?
  • by tpgp ( 48001 ) on Tuesday March 21, 2006 @12:18PM (#14965024) Homepage
    I know some large companies (cough*apple*microsoft*redhat*cough*) can certainly afford to support openSSH, and need the project to continue running.

    These companies however would not want to give to an operating system project that competes with them.

    Maybe the openBSD & openSSH projects should seperate?
    • Good Lord, not Microsoft! (Not being an anti-MS junkie here but) From their history, whenever they buy out companies, they usually just strip out the technologies they can use and abandon those that help competing products (there's that antivirus and another piece of software I can't seem to recall). Since they own the product, they can also be more restricting with anyone who wants to pick up development. Developers would have to fork the code as it exists prior to the purchase.
      • It is not about purchasing, it is just about making a donation to the cause. I mean, it is *not* Linux and I am 100% sure any of the BSDs distros are aimed to go against Windows. And, it is not like anyone of them can (and had) used any of this code!

        As someone (who will probably be moded down) said before in the thread, the way this capitalist world is "profit or die". Companies that have used this software should donate some money to give a push to the software.
    • I can't imagine Apple or Microsoft would be the least bit concerned about losing users to OpenBSD.
    • Why does Microsoft need OpenSSH? I think they would be thrilled if OpenSSH were to die. Microsoft's command line is terrible, port forwarding doesn't work nearly as well with their products as Unix.... I'm not trying to be argumentative I just don't see any net benefit (I'm sure there are some minor ways Microsoft uses OpenSSH but...)
    • by zerocool^ ( 112121 ) on Tuesday March 21, 2006 @12:47PM (#14965293) Homepage Journal

      Maybe the openBSD & openSSH projects should seperate?

      This is exactly the first thing I thought when I read this story. It sounds like the developers are yelling: "OH NOES, OPENSSH IS DYING, WE NEED MONEY!!!!11", and then honest people, who want to support openssh, ask "How can I support OpenSSH?". The answer given is "Give money to OpenBSD."

      To me, that's unacceptable. It's classic bait-and-switch. I use OpenSSH every day of my life and if you count scripts and cronjobs, probably every hour of my life. But I could give a shit about OpenBSD. So, while I'd be willing to help OpenSSH out, I want to know that my money is being spent on OpenSSH. I don't want the overhead going to OpenBSD. There, I admit it - I expect something in return for the money I donate - it's my money so sue me.

      You want to get support for OpenSSH? Fork off the legal entity and make an OpenSSH foundation which can accept donations directly. We're not going to solve your OpenBSD problems for you, though.

      ~Will
      • "I like my tax money to fill potholes in the street outside my house, but not the ones in front of your house. Screw taxes, I'm not paying!"

        Same argument, only taxes aren't voluntary. This is.

        (Don't forget that the money you might give only to the OpenSSH project would go towards ensuring it works on about a dozen hardware platforms. I suppose you'd prefer that such money go only to OpenSSH/i386, because that's all you think you use?)
      • by Alioth ( 221270 ) <no@spam> on Tuesday March 21, 2006 @04:58PM (#14967555) Journal
        Do you use the X Window System (i.e. any Unix desktop?)
        In which case, OpenBSD is helping you. OpenBSD's new safer malloc()/free() implementation found security bugs in x.org recently.

        Same goes for most things that end up as part of OpenBSD - the stricter environment of OpenBSD shakes out bugs and the entire community benefits, not just OpenBSD users.

        OpenBSD benefits far more than its immediate userbase.

  • I think that when some people post of how good their competing project is (ie. Gnome vs. KDE, Linux vs. *BSD), most are secretly hoping that the people reading it would abandon the project for their own. Though I doubt the decrease in funds of the OpenBSD project is significantly caused by naysayers, I'm wondering now how these people feel when it actually comes to pass.

    As for the OpenBSD programmers, I wonder if at the very end, if no change happens, they will decide to create a different entity to handle
  • by ichin4 ( 878990 ) on Tuesday March 21, 2006 @12:19PM (#14965041)
    ...oh wait, I guess it really is!
  • Do what you can. (Score:5, Interesting)

    by Inoshiro ( 71693 ) on Tuesday March 21, 2006 @12:19PM (#14965042) Homepage
    As Maddog put it [slashdot.org]:
    "I believe it was at a conference in Australia (also in the 1996-1998 time frame) that I ran into a rather despondent Theo de Raadt, who told me that for lack of $300. his ISP was going to turn off the project's servers. I took out my checkbook and immediately wrote him a personal check for $300., to keep the OpenBSD servers alive. My comment to Theo was that "your project is too valuable to let die over a measly $300.""

    If you're really poor, just donate 5$.
  • Does it matter? (Score:2, Insightful)

    by MrChom ( 609572 )
    The SSH project will stay in development with or without BSD, there's no issue here of what would happen if OpenBSD ceased to exist. It's kinda like when most apps on Linux die, or simply cease development...if it's important then someone is there to pick up the pieces.
  • order an OpenBSD CD (Score:5, Informative)

    by lotzmana ( 775963 ) on Tuesday March 21, 2006 @12:20PM (#14965049)
    Brother, improving your security is as easy as ordering a CD: http://www.openbsd.org/orders.html [openbsd.org]

    The CDs that OpenBSD project sells is their main source of revenue and support.
    • "The CDs that OpenBSD project sells is their main source of revenue and support."

      It obviously, and unsurprisingly, isn't working for them. They should work on finding other ways to raise money.
  • How to get the money (Score:4, Interesting)

    by rice_burners_suck ( 243660 ) on Tuesday March 21, 2006 @12:20PM (#14965055)
    Somebody needs to set up a site where we can donate money to the OpenBSD project through PayPal or some other convenient method. This is an important project, and I think that a lot of people in the community realize that, but take for granted that development happens "for free."

    I also think that the OpenBSD project needs to start operating a bit more like a business. Services need to be offered that bring in a healthy revenue stream. Two areas where the OpenBSD development team excel are cryptography and code auditing. Both are related to security, which is a good industry these days. The OpenBSD site could offer paid services, such as code auditing for other projects to enhance security, etc. The OpenBSD developers should also set up a consulting business that performs setup and maintainance of OpenBSD installations, perhaps primarily for small businesses that aren't in the IT business, such as clinics, legal offices, automotive repair facilities, family operated stores, etc. These are relatively simple setups for those familiar with OpenBSD and projects from the larger open source community, and the effort would be minimal. These small businesses would be willing to pay a reasonable price for the service, since they would save greatly on software licensing.

    All of those methods could be used to bring in a healthy revenue stream for the OpenBSD project. But in the meantime, please get a PayPal account set up!

  • by karmawarrior ( 311177 ) on Tuesday March 21, 2006 @12:21PM (#14965064) Journal
    Software development costs money. When people like Theo work their asses off to get us high quality programming, like OpenBSD, OpenSSH, PF, and a host of other excellent operating system level tools and frameworks that most of us use every day without thinking about it, they need to be rewarded, not just because they've done a good job, but because every minute they devote to making these things for us, is a minute they can't spend on work that puts food on their plates and roofs over their tables.

    Unfortunately, they know that the best value they can give to the tools they provide is to make them free. But as long as the tools are free, there will always be those parts of society that do not contribute to the costs of their creation. And, unfortunately, that's not a minority of people. When was the last time YOU gave money to OpenBSD?

    This quagmire of people being unable to develop that that should be free will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

    You can help by getting off your rear and writing to your congressman [house.gov] or senator [senate.gov]. Tell them that critical free software is important to you. Tell them that you appreciate the work being done by the OpenBSD and GNU teams to support you with the software you need in your life but that if cheapskates keep refusing to contribute to the projects, ensuring people like Theo are not forced to hold down proper jobs, you will be forced to use less and less secure and intelligently designed alternatives. Explain the concerns you have about freedom, openness, and choice, and how a lack of money for Free Software harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on funding Free Software.

    You CAN make a difference. Don't treat voting as a right, treat it as a duty. Remember, it was thanks to ordinary people like YOU that we are now seeing such innovations as SMP in OpenBSD. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

    • Wow (Score:2, Flamebait)

      by NDPTAL85 ( 260093 )
      Did you notice your comment was modded funny? I'm not sure you meant it as a joke but thats how people are seeing it. The number of voters who would vote based on OSS issues alone is extremely small. There is a way for a software writer to stay out of bankrtuptcy, its known as charging for your work via proprietary methods. What Open Source is, is a failed business model. If you want to make money, don't be an idiot and release the fruits of your labor under the GPL or BSD license. If you don't mind starvin
    • Tell them that critical free software is important to you. Tell them that you appreciate the work being done by the OpenBSD and GNU teams to support you with the software you need in your life but that if cheapskates keep refusing to contribute to the projects, ensuring people like Theo are not forced to hold down proper jobs, you will be forced to use less and less secure and intelligently designed alternatives. Explain the concerns you have about freedom, openness, and choice, and how a lack of money for
  • by argoff ( 142580 ) on Tuesday March 21, 2006 @12:22PM (#14965070)
    OK, I apologize in advance because I already know this is going to piss some people off, but why don't they try going all GPL. That would make it so that proprietary development couldn't fork off the code base and so would probably make the project leads a center point for support, services, and custom jobs. Lots of other people like Red Hat are making money this way, I don't see why the OpenBSD team couldn't do it too. The fact that the free software movement is exploding in cash while Open BSD is suffering - shouldn't that be telling us something?
  • Old Joke (Score:5, Funny)

    by ajs318 ( 655362 ) <{sd_resp2} {at} {earthshod.co.uk}> on Tuesday March 21, 2006 @12:22PM (#14965071)
    Linus Torvalds and Bill Gates briefly saw Theo de Raadt in the Gents' toilets at an important computer show; Theo left the trough and walked away without washing his hands. A bit later, they saw him again and decided to take him to task over his indiscretion.

    "At Microsoft, we always wash our hands when we've been to the toilet!" said Bill, smugly.
    "I'm sure all the Linux developers wash and dry their hands when they've been to the toilet!" said Linus, determined to outdo Bill.
    "Fuck off, the pair of you," said Theo, "OpenBSD people don't piss on their fingers!"
  • Hmm.... (Score:5, Funny)

    by Locke2005 ( 849178 ) on Tuesday March 21, 2006 @12:24PM (#14965087)
    Isn't SCO using the OpenSSH code? Maybe they could kick in a few dollars to help maintain it... after all, won't they be getting several billion from IBM any day real soon now?
  • Plenty of OSS projects use OpenSSH, and it's obviously far less sexy and able to get donations as some of the projects that rely on it. It doesn't seem right that only OpenBSD should finance it. However, I've not heard of projects helping out the stuff they depend on before.
    Would it be a good thing if big projects with lots of money started to be expected to financially help the libraries they use? It might help with the development of good, reusable frameworks and libraries and maybe even help deal with on
    • Goes to show people how monetary figures give value to a product. In the case of OpenSSH, it's free so many people take it for granted. The truth is, OpenSSH is extremely important for a lot of people who administer these boxes. Even regular users may use it (SecureFTP) without knowing.
  • by NZheretic ( 23872 ) on Tuesday March 21, 2006 @12:25PM (#14965101) Homepage Journal
    OpenBSD's Donations [openbsd.org]:
    OpenBSD has no wealthy sponsors, nor a business model.

    Naturally, the OpenBSD project requires funds to operate, due to electrial costs, Internet line costs and the same hardware upgrades that everyone must experience. For this reason, the project sells CDROMs and T-shirts and posters. Thus, when you buy an OpenBSD CD, whether at a conference, from any sales site, or from our CDROM ordering page [openbsd.org], you are helping to increase the chance that OpenBSD will continue to make future releases.

    It is also possible to donate funds or hardware [openbsd.org], in which case your name ends up on our Donations page [openbsd.org].

    • Keeping in mind that I believe that his work and the OpenBSD project are important, a few words of advice. As someone who works at a very large non-profit let me say this, doing a good job isn't enough. You have to work just like any other business to stary afloat. And that means constantly dedicating time to fundraise and not acting as a "one-man-show". Perhaps he needs to hand off the reigns to someone else and let them manage the project and fundraising. He apparantly and not suprisingly is unable to ha
    • by alexhmit01 ( 104757 ) on Tuesday March 21, 2006 @01:45PM (#14965852)
      Ya know what would be nice? Making it easy for businesses AND individuals to contribute. If they don't want to be a business, fine, get the 501(c)3 status in the US and let people make tax deductable donations. Writing a check to Theo's personal account doesn't get considered as part of my charitable giving. I also by a few CDs with each release or two, whenever I'm ready to do another OpenBSD project...

      And guess what, the project makes me feel like a sucker... because usually whoever is shipping CDs is out of town, and they don't go out for 2-3 weeks, meanwhile, people have been downloading for free and I'm waitting for my CDs...

      You want businesses to pay more that use it? How about selling a business "OpenBSD license" that provides us X copies for some price on a per-server (or per-CPU license) under the BSD. Is it a joke, sure, because given 1 personal copy, I have a license to use it however I want. But if you sell me 5 $299 licenses, I can write it off as $1500 in software purchases. Alternatively, I could donate $1500, but then I can't write it off... This is rough on me as a small business owner, for no reason. A receipt for the purchase would help...

      However, asking for non-tax deductable donations is a non-starter. If I was an IT grunt in the field, knowing that I could buy a CD for the $20 or $30 and use it without effort (or download), but if I want to contribute, I could generate an online invoice and bring it to A/P.

      In that case, the geeks LOVE that they start the project immediately, and maybe the "invoice" gets paid, and maybe it doesn't. There is no loser in this scenario, but it would require the OpenBSD project to understand the people that they want money from and find a way to make it easy on us to give it to them.

      Alex
  • Sadly this shows once again that "pure" OSS cannot make money on its own. By "pure" I mean not relying on hardware sales and support contracts. Don't get me wrong - I use OSS, love OSS and I want OSS to be able to make money - but I cannot understand how that could possibly happen. Especially with the BSD license.

  • by amightywind ( 691887 ) on Tuesday March 21, 2006 @12:29PM (#14965138) Journal

    OpenBSD is a vital project that is lead by an amateur. OpenBSD had a sugardaddy [computerworld.com] in Darpa, but apparently offended them with negative comments. My question, who does he think will be most interested in his super secure OS?

    • FTA: "In that story, the resident of Calgary, Alberta, said the U.S.-led war against Iraq "sickens" him. De Raadt also said he was uncomfortable taking money from the U.S. military, but 'I try to convince myself that our grant means a half of a cruise missile doesn't get built.'"

      He should have thanked the U.S. Military for solving his moral dilemma for him.
    • So you think that because an open source project has received some US government funding that the high profile members of such projects should voluntarily gag themselves in order to please their sugardaddy?

      If de Raadt's anti-war comments were indeed the reason that the funding was pulled, shouldn't you look to blame DARPA for being amateurish/childish and not de Raadt for simple speaking his mind?
      • And back in the real world...

        So you think that because an open source project has received some US government funding that the high profile members of such projects should voluntarily gag themselves in order to please their sugardaddy?

        You do realize that "the government" is not some monolithic inhuman machine, right? If I'm giving money to someone who mouths off about how I'm "sickening" him, I'm probably going to get tired of it. It's not about "gagging" themselves, it's about wanting a bit of simple

      • Yesterday I sat though a 45-minute lecture on how positive thinking increases water quality and how we're all surrounded by powerful auras that can sour milk if we don't have a positive attitude. This lecture was from a person I work with as I was installing some software on her computer. Now, personally, I think the entire speech was New Age bullshit and it upset me that she was wasting my brain with that drivel, but I didn't say anything. I just grinned and bore it. You know why? Because I'm not a ja
  • What I want to point out what a lot of people don't seem to realize is that OpenSSH development is paid from the same pool of money as OpenBSD. OpenSSH is in use by millions around the world however the revenue stream just simply isn't there

    Okay, to explain why I consider that sooooo wrong, I present an analogy...

    The US space program costs billions of dollars per year, and really doesn't "do" all that much - aside from the occasional high-profile exploration mission, it primarily launches satellites fo
  • by phaxkolumbo ( 572192 ) <phaxkolumbo@@@gmail...com> on Tuesday March 21, 2006 @12:30PM (#14965145)
    The Dead Collector: Bring out yer dead.
    [a man puts a body on the cart]
    Man: Here's one.
    The Dead Collector: That'll be ninepence.
    OpenBSD: I'm not dead.
    The Dead Collector: What?
    Man: Nothing. There's your ninepence.
    OpenBSD: I'm not dead.
    The Dead Collector: 'Ere, he says he's not dead.
    Man: Yes he is.
    OpenBSD: I'm not.
    The Dead Collector: He isn't.
    Man: Well, he will be soon, he's very ill.

    Just joking, here's to hoping OpenBSD gets better (financing) soon. (and you can change "Linux Zealot" to "Man" if you're so inclined...)
  • I suppose that reopening conversations with DARPA is out of the question? I was very hopeful when I heard about this, but disappointed when the support was withdrawn. I don't know the reason, but if it was for some idealistic plan on Theo on how to position OpenBSD, I support it. I don't know how to remedy this situation, but can only think of offering paid support (shudder) to companies utilizing OpenSSH. Either that or a grass roots tshirt campain! Let's see some better designs on some nice American
  • quick & painless (Score:4, Informative)

    by rehabdoll ( 221029 ) on Tuesday March 21, 2006 @12:31PM (#14965156) Homepage
    http://openbsd.org/donations.html [openbsd.org] - quite painless.
  • by schnell ( 163007 ) <me AT schnell DOT net> on Tuesday March 21, 2006 @12:36PM (#14965200) Homepage

    "It would be wonderful if these entities could share some of the wealth to keep us going."

    Wow, that's a weak response. It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money. And it makes F/OSS groups look like the business-challenged hippies that some people think they are.

    If you are going to have an OpenBSD organization, then that means that part of your job is raising funds to keep yourself a going concern. Let me repeat: your job is no longer just to write code, but to bring cash in the door so that you can continue to get paid. If you are building products that world + dog are using, then that should be pretty easy. If you are not capable of raising funds, then you need to find someone who is good at it to help you out. There are plenty of those people out there - any semi-competent second-year marketing student should be able to significantly increase their funding channels over what they have now.

    I'm sorry but I just don't think you can say, "hey, other open source organizations have done a good job working with the public and the press, and they raised funding, so why can't we have it?" It just hacks me off when programmers complain about the business-types at an organization, then discover it's actually harder than they think. And in this case they have taken the additional step of not trying to remedy the problem, but actually glomming off other groups that have maintained done great work with fundraising and marketing their products.

    I have supported OpenBSD myself in the past by buying install discs and T-shirts. I think OpenBSD is a fantastic OS and I will contribute my few bucks here and there to keep them going. But if OpenBSD's answer to their money problems is not to fix their own house but rather to ask others to fork over - it probably means they'll just get in this same hole again later! I think they need to have a better answer to this question if my support (or anyone else's) isn't just going to be money down the drain.

    • by Bogtha ( 906264 ) on Tuesday March 21, 2006 @01:11PM (#14965478)

      It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money.

      What are you talking about? Let's look at that quote in full:

      OpenSSH is in use by millions around the world however the revenue stream just simply isn't there. This is where other projects could help. Without naming entities or projects by name there are others out there that are sitting on some cash. It would be wonderful if these entities could share some of the wealth to keep us going.

      It seems to me that he's talking about businesses such as RedHat, who include OpenSSH in their products, not random open-source projects.

      If you are going to have an OpenBSD organization, then that means that part of your job is raising funds to keep yourself a going concern.

      And if you were keener on reading the article than flaming, you would see that they had a working revenue stream in the form of selling CDs, but that people were moving away from it in preference to obtaining it for free.

      The demand isn't any less, they aren't losing any users, they are just having to deal with people less willing to spend money when they can get something for free. It seems very reasonable to hint - without naming names - that the businesses who base their products on OpenBSD's work should contribute a bit. It's in their own best interests even.

    • "It would be wonderful if these entities could share some of the wealth to keep us going."

      Wow, that's a weak response. It sounds like they're basically asking other F/OSS projects to fork over cash because OpenBSD can't raise money. And it makes F/OSS groups look like the business-challenged hippies that some people think they are.


      Man this is astute. The problem as I see it is that OpenBSD relied on a revenue generating source (people buying CDs) that was a dead end. Go back, say, 2 years ago and yes,
  • ...to an escrow account for making OpenSSH have the GPL-compatible BSD license. Or if he insists on having his name on closed source software, a BSD/GPL dual license. It seems everyone and his mother (except debian-legal) link it anyway on a don't ask, don't tell basis but that's not what the license says. Yes, I'm talking about the attribution clause.
    • OpenSSH is already BSD licensed. The BSD license is 100% GPL compatible. Perhaps you are thinking of OpenSSL, which uses and old Apache license which is not GPL compatible.
      • Oh, you mean the required library that makes OpenSSH actually do anything useful, like anything to do with cryptography. Sorry, my bad. I wasn't aware that they weren't maintained by the same people. I've just always assumed OpenSSH itself was the problem (and for the anonymous coward, the OpenSSH page completely ignores this and only the OpenSSL page mentions it). I know debian-legal has had issues with it, apparently because OpenSSL taints OpenSSH and makes them incompatible with the GPL. So what I wanted
  • by stlhawkeye ( 868951 ) on Tuesday March 21, 2006 @12:43PM (#14965253) Homepage Journal
    After my Linux box got hacked for the 3rd time, I switched to OpenBSD. Here's about how it went. (1) Go to web site, pay for CDs (2) Wait 2 weeks (3) Wait 3 more weeks (4) Contact webmaster, ask what's going on, receive no response (5) Wait another month (6) Try again to contact somebody at OpenBSD, receive no response (7) Wait two more months, give up on trying to contact anybody, write off OpenBSD as a bust (8) CDs arrive in mail almost 4 months after I ordered them in cracked, broken jewel cases with one CD scratched beyond the ability of my drive to read it. Luckily it was the source CD and I didn't need it. (9) Write to OpenBSD people to say I got my CDs but the quality was god-awful, the delay was ridiculous, and one of them was busted. Receive no response. Regardless, my OpenBSD box is going on 3 years hack-free with minimal effort on my part to keep it that way. Regardless, I'm unlikely to go through OpenBSD again. When I order a product, waiting over a quarter of the year is unreasonable, and it could at least arrive NOT broken and all screwed up. And they could at least acknowledge that they receive my email, even if only to tell me to piss off.
  • by corbettw ( 214229 ) on Tuesday March 21, 2006 @12:48PM (#14965298) Journal
    No one's made this observation yet, so I figure I should: the flip side to OpenBSD not having enough money to maintain operations means that the software they make, especially OpenSSH, is in danger of being no longer supported. Yes, yes, I know, it's free software, so someone else can pick up the pieces after Theo is forced to take his toys and go home. But the reality is that no business in the world should trust software who's creator is about to implode.

    What happens in six months when OpenSSH is no longer actively supported by the team that created it and a new exploit is discovered/released? What responsible IT manager is going to let his employer get into the potential problem in the first place?

    I say, rather than begging for donations, the OpenBSD team needs to get their act together and find a way to keep the lights on, or they're going to see fewer and fewer people trusting the use of their software in large corporate environments. If that means the leader of the team needs to keep his mouth shut about his anti-war views when he's depending on a grant from the US Defense Department to keep his operation going, then that's what he needs to do. Being an adult means doing things you don't neccessarily want to do, like eating your peas and broccoli.
  • by fak3r ( 917687 ) on Tuesday March 21, 2006 @12:58PM (#14965377) Homepage
    Really, think about what a resourse openbsd.org site is, if they had those tacky Google ads it would recieve a ton of pageviews, and clickthroughs likely since it'll tailor it's ads to BSD/Open Source stuff. Might go against the whole philosophy of the project, which I completely respect, but if it saves said project, it may be a required trade off. With the proliferation of broadband expect to see things like CD sales to continue to dwindle.
  • by chill ( 34294 ) on Tuesday March 21, 2006 @01:20PM (#14965566) Journal
    ...is that there is no corporate entity at all. You make checks out to "Theo de Raadt", which *isn't* going to happen from any really large company with deep pockets. There is zero tracability and zero accountability.

    When the U.S. DoD was funding them, the disbursements were handled thru a University or some such.

    They need to grow up as an organization. Find a sympathetic accountant to donate his time/effort to establish a tax-free (and tax deductable) non-profit in Canada and an arm in the U.S. Hell, maybe one in the EU and one down under as well.

    This will make them infinitely more appealing to corporations who have deep pockets and MAJOR qualms about writing big checks out to individuals.

      -Charles
    • "There is zero tracability and zero accountability."

      Funny because there is exactly that on the side of the people/organizations using OpenBSD/OpenSSH, you can get it for free, use it, sell it, etc and not even have to distribute source code or anything. The funny thing is business not trusting Theo with their money, but trusting his project with their critical infrastructure.

Disclaimer: "These opinions are my own, though for a small fee they be yours too." -- Dave Haynie

Working...