"People seem to think, 'OpenBSD is not what I run, so I don't need to help them.' I worry that this is what holds people back from doing the right thing, which is to fund OpenSSH, and thus OpenBSD will survive and improve, and then any improvements in OpenBSD will drive improvements in OpenSSH.
"Like when OpenBSD got so much address space randomization and propolice, but that magic day when we realized that every OpenSSH sshd process was still an address-space-clone of the parent. That is because every connection you make causes the parent sshd to fork, and this new process has the same propolice cookie, the same address space layout, the same random stack gap at the top, and even the same malloc layout. That is when we re-architectured OpenSSH so that it instead does a fork + execve, so that the new processes would be dissimilar to each other. That kind of approach would never have come out of any other development group."
The only response I got was that there are parts of Solaris that compete with OpenSSH, and that because of this, the company would rather not comment further on the issue. Presumably Sun is referring to SunSSH, an OpenSSH derivative included with Solaris, though it's likely that the Sun no-commenters were not aware of SunSSH's heritage.
At the time of this article's publication, IBM did not have any comments to offer. Perhaps they were too busy punting their customer support complaints to the OpenSSH programmers:
"As a side note," said de Raadt on an OpenSSH mailing list, "earlier today IBM Support actually sent an energy company with whom they have a multi-million [dollar] support contract to our private development mailing list saying we had to fix a customer bug. I was shown an extensive set of IBM support emails with the customer where they were refusing to take responsibility for the issue, and finally told their customer that OpenSSH was responsible for fixing their problem. I say shame you, IBM, SHAME ON YOU. You take their money and want us to make your customers happy."
Perhaps, though, there is more to it -- Sun, IBM, Red Hat, and Novell all sell Linux-based operating systems that compete with OpenBSD. Do they have an interest in watching OpenBSD suffer and fail, even if it means losing OpenSSH in the process? Such an attitude could be the biggest case of nose amputation the face of the operating system world has yet seen.
OpenBSD programmers also squash important bugs in ancillary software such as X.org. In one recent example, OpenBSD helped discover and fix bugs in X.org's pixmap library that had been there for ten years:
Originally posted by: doornail
I hate to say it, but one of the problems could be the spokesman. Theo de Raadt can be pretty caustic. Yes, it's a crummy reason but people are like that.
Originally posted by: kamper
This turned into an instant flamefest over on osnews.
There are a lot of stupid people over there
I don't see why they should. Theo makes no efforts to play nice with the linux crowd, it just comes down to fundamental differences of opinion on some matters. I wouldn't expect the linux crowd to jump to OpenBSD's defence, since they produce plenty of their own software which competes, in a sense, for funding. The stupidity I was referring to were the people who either claimed that OpenBSD should be GPLed and that that would solve the funding problem.Originally posted by: n0cmonkey
Originally posted by: kamper
This turned into an instant flamefest over on osnews.
There are a lot of stupid people over there
I read a bit of the comments and was disgusted at the stupidity. It's great to see how the free software community sticks together...
Originally posted by: kamper
I don't see why they should. Theo makes no efforts to play nice with the linux crowd, it just comes down to fundamental differences of opinion on some matters.
I wouldn't expect the linux crowd to jump to OpenBSD's defence, since they produce plenty of their own software which competes, in a sense, for funding.
The stupidity I was referring to were the people who either claimed that OpenBSD should be GPLed and that that would solve the funding problem.
But he does bash their license and their methodology and their code quality every other time he's interviewed and I wouldn't expect too many of them to react nicely to that (regardless of whether or not they should). And it's not like the linux crowd never produced any widely used software. Everyone contributes to open software in general and nobody owes anybody anything for it in the end. I'd say OpenSSH is the only one big enough to make a real claim on, but the linux community isn't necessarily the one that should be paying for it.Originally posted by: n0cmonkey
Portable OpenSSH isn't playing nice? OpenNTPD? Fixing 10 year old X bugs? Submitting patches back upstream for gcc and other GPLed tools in use is being mean? Getting companies to release documentation on hardware isn't a good thing for Linux?
There's a reason Theo got the 2004 Free Software Award.
Err, none? It's not like there's money out there earmarked specifically and only for free ssh software. Obviously there's lots of projects out there that need money for all sorts of different software.I wouldn't expect the linux crowd to jump to OpenBSD's defence, since they produce plenty of their own software which competes, in a sense, for funding.
I must have missed it, which major SSH software did the GNU people produce?
Originally posted by: kamper
But he does bash their license and their methodology and their code quality every other time he's interviewed and I wouldn't expect too many of them to react nicely to that (regardless of whether or not they should).
And it's not like the linux crowd never produced any widely used software. Everyone contributes to open software in general and nobody owes anybody anything for it in the end. I'd say OpenSSH is the only one big enough to make a real claim on, but the linux community isn't necessarily the one that should be paying for it.
Err, none? It's not like there's money out there earmarked specifically and only for free ssh software. Obviously there's lots of projects out there that need money for all sorts of different software.
I think it would behove the linux community to co-operate with OpenSSH, but asking them take Theo's stance to supporting a project under a license they don't agree with isn't reasonable, it's forcing them to adopt OpenBSD's philosophy on too many things. And I don't think that's what Theo is asking. He says quite cleary from time to time that if you don't like his project, you can just go your seperate way.
The big companies are another story, of course, but even asking Redhat for money is pushing it a bit. They are completely based around packaging free as in beer software and selling support for it so, while it would be convenient for them to dole out a little of their profits for OpenSSH, I don't think they have any obligation to feed money back into every project they make use of. At least as long as there are better candidates for funding.
I think it would behove the linux community to co-operate with OpenSSH, but asking them take Theo's stance to supporting a project under a license they don't agree with isn't reasonable, it's forcing them to adopt OpenBSD's philosophy on too many things. And I don't think that's what Theo is asking. He says quite cleary from time to time that if you don't like his project, you can just go your seperate way.
Originally posted by: drag
ya. Openssh is one of the most important applications that people use.
Although to be honest OpenSSH isn't the only secure shell server out there in free-software land. For instance: http://www.lysator.liu.se/~nisse/lsh/ That's the GNU ssh implimentation.
That and if the OBSD folks were to stop working on openssh completely it's not like other people wouldn't take over almost immediately.
Of course OBSD itself is important and needs to be supported.
Sure, the people who think OpenSSH should be GPLed have opinions too. And everyone's opinion is wrong in someone else's eyes. There's nothing that can be done about it.Originally posted by: n0cmonkey
Originally posted by: kamper
But he does bash their license and their methodology and their code quality every other time he's interviewed and I wouldn't expect too many of them to react nicely to that (regardless of whether or not they should).
You should know what they say about opinions.
Big companies, absolutely. By 'linux community' I've generally been referring to people hacking it for free, or using it in their basements. People who aren't making money off of it. If big company employees were in there arguing that they shouldn't have to give money because they're part of the linux community then I'd calling them idiots too.And it's not like the linux crowd never produced any widely used software. Everyone contributes to open software in general and nobody owes anybody anything for it in the end. I'd say OpenSSH is the only one big enough to make a real claim on, but the linux community isn't necessarily the one that should be paying for it.
Why not? They use it more than the BSD community. Look at IBM, HP, and Sun. How many linux boxes do you think they've sold? Why shouldn't they be kicking in some money for something that's saved them millions.
gcc? linux (the kernel)? GNU c libraries? KDE? X11? Who's to say? It's not something you can judge very precisely. Some people would call KDE or Gnome more important because they want linux on the desktop and rarely do remote, command-line logins. You might disagree with them, but you know what they say about opinions...Err, none? It's not like there's money out there earmarked specifically and only for free ssh software. Obviously there's lots of projects out there that need money for all sorts of different software.
How many are as important as OpenSSH?
Again, you're trying to force everyone to accept your definition of free (it's mine too). But I'd still value free speech over my version of free software.I think it would behove the linux community to co-operate with OpenSSH, but asking them take Theo's stance to supporting a project under a license they don't agree with isn't reasonable, it's forcing them to adopt OpenBSD's philosophy on too many things. And I don't think that's what Theo is asking. He says quite cleary from time to time that if you don't like his project, you can just go your seperate way.
Yes, if you don't believe in free software there are alternatives.
Rereading, I don't remember exactly what I meant by that last sentence.Of course they don't have to. I know they're hurting for money, and there are more important pieces of underfunded software out there than OpenSSH. That poor Linus guy is probably starving. Or the non-Free Apache guys, they're wasting away! :roll:The big companies are another story, of course, but even asking Redhat for money is pushing it a bit. They are completely based around packaging free as in beer software and selling support for it so, while it would be convenient for them to dole out a little of their profits for OpenSSH, I don't think they have any obligation to feed money back into every project they make use of. At least as long as there are better candidates for funding.
Yeah, because there's no gpl code in the openbsd cvs repository :roll: There comes a point when practical considerations are more important than the differences between the bsdl and gpl. And it's much easier for the gpl people to use the less restrictive bsdl stuff.Originally posted by: n0cmonkey
If they don't agree with the license, why are they using the software?I think it would behove the linux community to co-operate with OpenSSH, but asking them take Theo's stance to supporting a project under a license they don't agree with isn't reasonable, it's forcing them to adopt OpenBSD's philosophy on too many things. And I don't think that's what Theo is asking. He says quite cleary from time to time that if you don't like his project, you can just go your seperate way.
You might be going just a little bit overboard thereLosing OpenSSH is pretty much giving the world to Microsoft on a silver platter.
Originally posted by: kamper
gcc? linux (the kernel)? GNU c libraries? KDE? X11? Who's to say? It's not something you can judge very precisely. Some people would call KDE or Gnome more important because they want linux on the desktop and rarely do remote, command-line logins. You might disagree with them, but you know what they say about opinions...Err, none? It's not like there's money out there earmarked specifically and only for free ssh software. Obviously there's lots of projects out there that need money for all sorts of different software.
How many are as important as OpenSSH?
Originally posted by: kamper
gcc? linux (the kernel)? GNU c libraries? KDE? X11? Who's to say? It's not something you can judge very precisely. Some people would call KDE or Gnome more important because they want linux on the desktop and rarely do remote, command-line logins. You might disagree with them, but you know what they say about opinions...
Again, you're trying to force everyone to accept your definition of free (it's mine too). But I'd still value free speech over my version of free software.
Originally posted by: kamper
Yeah, because there's no gpl code in the openbsd cvs repository :roll: There comes a point when practical considerations are more important than the differences between the bsdl and gpl. And it's much easier for the gpl people to use the less restrictive bsdl stuff.Originally posted by: n0cmonkey
If they don't agree with the license, why are they using the software?I think it would behove the linux community to co-operate with OpenSSH, but asking them take Theo's stance to supporting a project under a license they don't agree with isn't reasonable, it's forcing them to adopt OpenBSD's philosophy on too many things. And I don't think that's what Theo is asking. He says quite cleary from time to time that if you don't like his project, you can just go your seperate way.
You might be going just a little bit overboard thereLosing OpenSSH is pretty much giving the world to Microsoft on a silver platter.
I'm obviously just playing devil's advocate here. I've actually waded through all ~120 posts in the osnews article and got carried away enough that some of my posts started to sound like Theo himself.
I think I have a decent grasp on it. Note that I'm not arguing that it's not important or shouldn't get funding. I'm just playfully trying to explain why all the linux community isn't 100% gung-ho about the funding drive. You're wiser than most of them thoughOriginally posted by: drag
Umm....
I don't think you understand the scope of the issue here. OpenSSH is very important.
I'm honestly starting to lose track of what we're arguing about.Originally posted by: n0cmonkey
No, I'm just using free as in freedom. If they want to have other definitions of free more power to them.
Originally posted by: kamper
I think I have a decent grasp on it. Note that I'm not arguing that it's not important or shouldn't get funding. I'm just playfully trying to explain why all the linux community isn't 100% gung-ho about the funding drive. You're wiser than most of them thoughOriginally posted by: drag
Umm....
I don't think you understand the scope of the issue here. OpenSSH is very important.
Originally posted by: kamper
I'm honestly starting to lose track of what we're arguing about.Originally posted by: n0cmonkey
No, I'm just using free as in freedom. If they want to have other definitions of free more power to them.
I'm about ready to be bored of it now

 
				
		