"You are trying to make sure that maintainers of code -- ie. any random joe who wants to improve the code in the future -- has LESS ACCESS to docs later on because someone signed an NDA to write it in the first place."
The OpenBSD project maintains a six month release cycle, with the upcoming 4.2 release officially scheduled for November 1'st. Each release includes a song relevant to current issues faced by the project. For this release the song is titled "100001 1010101", about which OpenBSD creator Theo de Raadt notes, "it is designed to sound like a mid-era Rush song, ie. something from Grace Under Pressure or such. And there's a few easter eggs hidden in the song as well. It also explains the inside sleeve image..." The referenced image shows a marathon between some of the different operating system mascots, running a a race through often hostile looking surroundings, fraught with distractions. Toward the bottom is an obvious reference to the recent issue of relicensing BSD code under the GPL, in which Puffy, the OpenBSD mascot, shows a map to Tux, the Linux mascot, and the latter takes off with it. The OpenBSD lyrics page explains that BSD code is shared with all, even non-open-sourced projects who respect the license and frequently return code, "we fully admit that some BSD licensed software has been taken and used by many commercial entities, but contributions come back more often than people seem to know, and when they do, they're always still properly attributed to the original authors, and given back in the same spirit that they were given in the first place." Theo noted, "that's the best we can expect from companies," going on to add, "but we can expect more from projects who talk about sharing -- such as the various Linux projects." He explained:
"Now rather than seeing us as friends who can cooperatively improve all codebases, we are seen as foes who oppose the GPL. The participants of "the race" are being manipulated by the FSF and their legal arm, the SFLC, for the FSF's aims, rather than the goal of getting good source into Linux (and all other code bases). We don't want this to come off as some conspiracy theory, but we simply urge those developers caution -- they should ensure that the path they are being shown by those who have positioned themselves as leaders is still true. Run for yourself, not for their agenda.
"The Race is there to be run, for ourselves, not for others. We do what we do to run our own race, and finish it the best we can. We don't rush off at every distraction, or worry how this will affect our image. We are here to have fun doing right."
"Reyk and I have decided to show something from the private handling of this Atheros copyright violation issue," OpenBSD creator Theo de Raadt began in a posting to the OpenBSD -misc mailing list referring to the recent relicensing of OpenBSD's BSD licensed Atheros driver under the GPL. He noted, "it has been like pulling teeth since (most) Linux wireless guys and the SFLC do not wish to admit fault. I think that the Linux wireless guys should really think hard about this problem, how they look, and the legal risks they place upon the future of their source code bodies." He stressed that the theory that BSD code can simply be relicensed to the GPL without making significant changes to the code is false, adding, "in their zeal to get the code under their own license, some of these Linux wireless developers have broken copyright law repeatedly. But to even get to the point where they broke copyright law, they had to bypass a whole series of ethical considerations too." Theo went on to explain:
"I believe these people have received bogus advice from Eben Moglen regarding how copyright law actually works in a global setting. Perhaps the internationally based developers should rethink their approach of taking advice from a US-based lawyer who apparently knows nothing about the Berne Convention. Furthermore, those developers are getting advice freely from ex-FSF people who have formed an agency with an agenda. Some have suggested that the SFLC was formed to avoid smearing the FSF with dirt whenever the SFLC does something risky. Don't get trampled; there could be penalties besides looking unethical and guilty. Be really cautious, especially with things like this coming to mess with our communities."
During the continuing debates regarding the legality and fairness of re-licensing BSD licensed code, it was asked why the BSD license couldn't be extracted from Windows applications known to include BSD licensed code. OpenBSD creator Theo de Raadt explained, "what you ran strings on is not 'source code'. It was the binary," pointing to the first clause of the BSD license used by the code in question which says, "
redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer." He then quoted the second clause of the BSD license, "
redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution," and added, "if you take your Microsoft documentation, and dig really deep, you will find the whole notice copied into it there. Go ahead, you'll find it."
Theo continued, explaining that earlier versions of the BSD license used in OpenBSD and other BSD projects still had the advertising clause which required all advertising materials for products using their code to include a notice stating, "
this product includes software developed by the University of California, Berkeley and its contributors." He added, "and.. once again, older copies of Windows DID follow that rule, too, just like Sun and everyone else," noting that one exception was AT&T and the Unix System Laboratories, "who included modified BSD manuals in their Unixware commercial distributions, and that mistake resulted in USL losing the USL v BSDI & University of California lawsuit. (I have simplified the situation, s/losing/settling at a serious loss/)."
Discussion continues on the Linux Kernel mailing list about the legality and morality of re-licensing BSD/GPL dual-licensed code under only the GPL. Alan Cox replied to Theo de Raadt's comments suggesting he was encouraging people to break the law, "re-read my email and then apologize. I do question the .h files where they are BSD licence and no changes were made to the work. I also point out that the dual licence on that code appears to give permission to distribute under one of those licences by choice." In response to Theo's request that code be shared both ways rather than converted to a sole GPL, "that's about the first thing I would agree on - its somewhat rude and not something I personally would usually choose todo." He then cautioned that this was a limitation of the BSD license:
"If OpenBSD wants a world where code must be returned, but you can mix it with free code in a product in some fashion and do binary only releases then OpenBSD needs to fix its licencing. Not to GPL which is clearly not the BSD intention but to something which does what BSD wants rather than an academic research licence developed thirty odd years ago for the purpose of showing that US research funds were properly spent. Perhaps its time for BSD2 licencing?"
OpenBSD project creator Theo de Raadt detailed his concerns regarding BSD-licensed code and Dual-BSD/GPL-licensed code being re-licensed under only the GPL as previously discussed here, "honestly, I was greatly troubled by the situation, because even people like Alan Cox were giving other Linux developers advice to ... break the law. And furthermore, there are even greater potential risks for how the various communities interact." He went on to add:
"It may seem that the licenses let one _distribute_ it under either license, but this interpretation of the license is false -- it is still illegal to break up, cut up, or modify someone else's legal document, and, it cannot be replaced by another license because it may not be removed. Hence, a dual licensed file always remains dual licensed, every time it is distributed."
Theo then talked about cases where a significant amount of code is added or changed, "if you add 'large pieces of originality' to the code which are valid for copyright protection on their own, you may choose to put a different and separate (must be non-conflicting...) license at the top of the file above the existing license." He then suggested, "if you wish for everyone to remain friends, you should give code back. That means (at some ethical or friendliness level) you probably do not want to put a GPL at the top of a BSD or ISC file, because you would be telling the people who wrote the BSD or ISC file, 'thanks for what you wrote, but this is a one-way street, you give us code, and we take it, we give you you nothing back.'"
In a recent series of patches posted to the Linux Kernel mailing list, it was proposed that some imported Atheros wireless device drivers be re-licensed, some from a dual-BSD/GPL license, others from a modified BSD license, all to a pure GPLv2 license. Christoph Hellwig asked, "is this really a good idea? Most of the reverse-engineering was done by the OpenBSD folks, and it would certainly be helpful to work together with them on new hardware revisions, etc.." Luis Rodriguez suggested that there was no choice, "technically the best we can do is to leave the license as dual licensed, but keep in that technically that means nothing and is just for show, the GPL is what would apply as its derivative work and is the most restrictive license."
The patch series was also discussed on OpenBSD's -misc mailing list where it was asked, "is Reyk [Floeter] and others working on this drivers code dual licensed (from the diff it doesn't seem like it is, since I see a BSD 3 Clause)? Also say I submit a patch for this driver, does that mean this will have to be dual licensed also or can I choose if it is BSD 3 Clause or GPLv2?" Theo de Raadt replied pointing out that there are two parts to the driver, one part written by Reyk Floeter, and another part written by Sam Leffler, "Reyk's code is *NOT* dual-licensed under the GPL. He has explicitly stated that his code is not dual-licenced. The file have no GPL on them. He's the author, he said so. None else can add a GPL to it." He went on to note that the files written by Sam Leffler are dual licensed with the clause, "alternatively, this software may be distributed under the terms of the GNU General Public License ("GPL") version 2 as published by the Free Software Foundation," stressing that 'alternatively' means 'or', "that means that if anyone makes changes to that file and distributes it, after their changes are in the file then EITHER license will apply."
OpenBSD creator Theo de Raadt highlighted a recent commit to the NetBSD source tree saying, "if anyone had any doubt that our insistence on freedom was important, just read this." The referenced commit message describes an effort to work around issues with a blob that is included with NetBSD, something strongly avoided by the OpenBSD project. The commit message states:
"The Atheros HAL on MIPS uses %s7 as a general purpose register, but the rest of the kernel uses it to store the value of curlwp. Sam won't recompile the HAL for us (fair enough), and we can't modify the HAL to use another register because doing so could put us in breach of the license (v. crappy). So, do a save/set/restore on %s7 in KernIntr() and in the stubs that the HAL uses to call back into the kernel.
"Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files."
Theo de Raadt [interview] described an active effort by OpenBSD developers to work around "serious bugs in Intel's Core 2 cpu". He went on to explain, "these processors are buggy as hell, and some of these bugs don't just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code. As is typical, BIOS vendors will be very late providing workarounds / fixes for these processors bugs. Some bugs are unfixable and cannot be worked around. Intel only provides detailed fixes to BIOS vendors and large operating system groups. Open Source operating systems are largely left in the cold." He provided a link to the full errata (in PDF format) as well as a graphical overview, summarizing:
"Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us. Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware. Now Intel is telling people to manage the MMU's TLB flushes in a new and different way. Yet even if we do so, some of the errata listed are unaffected by doing so.
As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are."
"OpenBSD is free as in air," Theo de Raadt [interview] stated in a recent thread on the OpenBSD -misc mailing list. The discussion began with a note that the Open Sound System [story] had recently been "open sourced" under the GPLv2 and CDDL leading Theo to comment, "noone cares about being Open and Free anymore. They just care about being called Open and Free, and how convenient -- a bunch of laywers generated an organization that will label them Open and Free when they are not in fact so."
Later in the discussion it was asked why the OpenBSD project used the BSD license rather than simply releasing the code into the Public Domain. Theo explained, "we wish to retain the legal right to be known as the author, and not have our names taken off the files. With public domain, that stuff at the top of the file is taken away first, before anything else is done," noting that this is explained in the license at the top of each file, "just that bit; nothing else."
"ANY rule which reduces your rights is unacceptable," explained Theo de Raadt [interview] in a brief discussion on the OpenBSD -misc mailing list, "especially when the full consequences of such a set of rules may be unclear -- which it always is." The comment was in response to a query about why Intel's firmware was considered non-free. Theo went on to explain:
"Normal free software has no 'contract law' issues, because it is simply given away under 'copyright law with almost all author's rights revoked'. Contract law works differently, because it is based more on the principle of 'you got something, now you have to give something back'. The minute you see a URL like that explaining things in such a way, you should realize that the addition of 'rules' means you are in a different legal system.
"Copyright has no way to apply such rules, therefore [the Intel firmware] is not free."
Greg Kroah-Hartman's announcement for free Linux driver development [story] included the necesssary legal framework to honor NDAs when creating GPL'd drivers. This allowance was discussed on the OpenBSD -misc mailing list. In a public exchange with Greg KH, Stephan Rickauer said, "now these companies have a great excuse to keep specs locked up tight under NDA, while pretending to be 'open.' The OpenBSD project has made clear more than once how this will hurt Free Software in the long run. Signing NDA's ensures that Linux gets a working driver, sure, but the internals are indistinguishable from magic. It is a source code version of a blob." OpenBSD founder Theo de Raadt [interview] called the free driver effort a farce, "you are trying to make sure that maintainers of code -- ie. any random joe who wants to improve the code in the future -- has LESS ACCESS to docs later on because someone signed an NDA to write it in the first place. You are making a very big mistake."
Greg pointed the discussion to his FAQ in which the final question asks about the BSD operating systems and the answer states, "what about them? They are free to do whatever they wish, I have no input into their development at all, sorry." Greg further clarified, "well, as my goal is to have a GPL driver for everything, I don't see how this can hurt :) Now others can have different goals, and that's great and fine. I'm not saying you can't work on something if you wish to do so."
Damien Bergamini [interview] started a thread on the OpenBSD -misc mailing list in which he summarized Intel's policy toward open-source software being to "make us look like we're open-source friendly by opening a project on sourceforge," and, "give the open-source community the bare minimum so that they can serve as our beta-testers." Damien released a reverse engineered blob-free driver for an Intel wireless chipset earlier this year [story], but work is slow as Intel does not freely provide documentation to the chipset. OpenBSD's battle with Intel has been ongoing for some time [story] leading project creator Theo de Raadt [interview] to say, "before we ask a vendor, we have already lost (ie. the device does not work). When a vendor says no, we have lost nothing further -- there is no way we can lose further than having the device not work. We can only win, and then the device works. So there is no point in giving up until we win back the rights to write software for the hardware that we have purchased." As before, the goal is to get Intel to provide a freely distributable binary firmware.
Theo pointed out that when the open source community works together they can help improve the situation, "in the past, our users have shown that they can help us convince vendors to do the right thing. They have shown vendors the path towards freeing up many pieces of documentation or granting firmware distribution rights. This has helped with many vendors, most of them quite large." He explained that until Intel releases their firmware freely and without restrictions that they are not open source friendly as they claim, "by withholding, Intel is being an Open Source fraud." He went on to suggest that Intel should follow the example of other companies in the market, "Intel must do this firmware grant in the same way that Adaptec, Atmel, Broadcom, Cirrus Logic, Cyclades, QLogic, Ralink, and LSI and lots of other companies have granted distribution firmware to be used by others." He concluded by requesting that the open source community contact Intel to help get them to change their policies, "let's win back the rights to run the hardware we purchased."
Tables are cluttered with laptops, servers, switches, cables and cords as the 2006 OpenBSD hackathon continues in Calgary, Canada. Small groups of developers talk and debate around LCD screens, while others work individually on their own projects. Behind the scenes, a donated 10 megabit wireless connection provides Internet access to all. IP addresses and DNS are provided by stock bind and dhcpd processes running on an OpenBSD server. Among other things, the infrastructure area hosts an HP DL385 with 24 GB of memory that was recently donated by HP, a G5, several Sun Blade 2000's, and an assortment of PowerPC, Alpha and Opteron-based servers. A console server provides serial connections to the servers along with logs of what went on on the serial console, useful for debugging. Power issues on the first day were resolved by evenly spreading the servers and many laptops across the available circuits in the hackathon room. Chris Kuethe explained, "the whole point of the infrastructure is that it's not supposed to be exciting, it's just supposed to be there, like a light switch."
I have spoken with another 28 OpenBSD developers from Turkey, Iceland, Ireland, Germany, Sweden, Switzerland, Denmark, Australia, Austria, Hungary, the US, and Canada. Efforts are being made on ACPI, the VFS subsystem, link-layer authentication, OpenBGPD, tcpdump, XFree86, pf, CARP, dvmrpd as a replacement for mrouted, OpenRCS, OpenCVS, the USB layer, prebinding, ipsecctl, 10 gig Ethernet support, link layer path mtu discovery, several new and improved drivers, amd64 large memory support, new CD and DVD recording features for cdio, improvements to mg, support for new architectures, numerous new and updated ports, and much more.
OpenBSD creator Theo de Raadt began developing OpenBSD in October of 1995. KernelTrap first spoke with Theo back in November of 2001 [interview], around the time that OpenBSD 3.0 was released, discussing much of the early history of the project. The project has continued to offer regular releases of their "free, functional & secure" operating system every six months, with OpenBSD 3.9 made available yesterday, May 1, 2006.
In this latest interview, Theo examines the past five years of OpenBSD development. He also discusses the OpenBSD 3.9 theme song, "Blob!", detailing what blobs are, why OpenBSD avoids them, and how OpenBSD developers work to reverse engineer them. Looking to the development process, Theo talks about recent and future "mini-hackathons", small and focused OpenBSD development gatherings. Finally, Theo also discusses the OpenBSD project's funding issues, and the response to requests for funding from users of the project's OpenSSH software.