OpenBSD will shut down if we do not have the funding to keep the lights on (marc.info)
825 points by openbsddesktop on Jan 16, 2014 | 407 comments



So let's deal with the elephant in the room: the OpenBSD project is run by complete and utter jerks. Not just Theo, but he has set the bar quite low when it comes to friendliness and tolerance of questions from younger/less experienced contributors. Linus' rants on the Linux kernel lists are almost cookie cutter copies of Theo's.

There is "opinionated software" and then there is Theo being an intolerable, obnoxious, ego-maniac.

As such many people are going to see this and laugh and think "good riddance", and will be happy to see OpenBSD disappear.

That will only be enhanced by the fact the books are closed, the shortfall on the electric bill is inexplicably $20k, and nobody is prepared to explain the detail.

In essence rudeness + shady accounting practice != open source community that should feel a sense of entitlement from non-core users

It's a shame because the code (especially the crypto code) is really good. Seriously, go read it: I used to love reading the OpenBSD source, but I never contributed anything because Theo was such an absolute jerk.

I hope the guys who work on the crypto stuff at least either keep doing so elsewhere (Free- or Net-), or a new project without the need for $20k in electricity bills spins up to keep going.


"Linus' rants on the Linux kernel lists are almost cookie cutter copies of Theo's."

Linus is a jerk towards experienced maintainers. Theo is a jerk towards everyone. There is a big difference.

I can't be bothered to look for it right now, but there was an email on lkml where an inexperienced contributor basically asked "should I just give up?" and Linus chipped in with quite a friendly manner and mentioned how important contributions from everyone were to the project.


> Linus is a jerk towards experienced maintainers. Theo is a jerk towards everyone. There is a big difference.

Plenty of us have had positive interactions with Theo.


I get the feeling the people Theo yelled at are the same people Linus would yell at. Given Theo's behavior when RMS was trolling the misc list, Theo seemed quite calm.


There's a lot of fuzzy thinking in this thread. The idea that the emails which somehow come to our attention because they appear on internet blogs or something due to their OMG WTF value are representative of their author's normal, everyday output has as much merit as assuming, for example, that that photo of rackmounted OpenBSD computers on the openbsd.com page represents the entirety of the project's electricity usage.


I notice that yet again, only bald assertions come forth, never evidence.

What do Theo and the project have to hide, exactly?


Don't associate the entire project and foundation with the actions of their figurehead.

Honestly, Theo can be an asshole, but often his temper is warranted when he's faced with idiocy, like when RMS was unapologetically trying to persuade the removal of all mentions of non-free packages in OpenBSD. (http://article.gmane.org/gmane.os.openbsd.misc/134850)

I know this is what RMS does, and actually I'm sympathetic with his views, but in that context it was bullshit. This is just one incident, who knows how much Theo has to deal with other people wasting his energy on non-issues, trivialities and misconceptions?

For what it's worth, he isn't any less of a dick than Linus. Yet Linus consistently earns hero praise and adulation, the criticism of his personality being secondary and written off as justified. So why isn't Theo's justified?


I don't think Theo's reaction is really warranted. I mean, really? "slimy hypocritical asshole"?! And the follow up later on when someone calls him on this is pretty telling: http://article.gmane.org/gmane.os.openbsd.misc/134896

I don't know the full history of that thread, but it's not mentions of non-free packages that RMS was talking about - it was ports in OpenBSD that allowed people to easily install non-free packages.

Ah, found the original: http://marc.info/?l=openbsd-misc&m=119730630513821&w=2

And FWIW, I think Linus is a dick, too - but Linux has a much larger following, mainly due to reasons other than Linus.


If you read through some of the OpenBSD pages, you can detect a lot of dislike for RMS. Example: http://www.openbsd.org/lyrics.html#43


I've been called an insult to idiots or similar by Theo de Raadt. Once.

I use OpenSSH every fucking day.

I'll take the insults. And apologize to the idiots. And pitch in when I can.


This is a good attitude. All of us have failings. Most of us fail at being geniuses. Theo fails at being diplomatic.


The OpenBSD developers are very direct, and will hurt your feelings if you can read the documentation. Honestly though, it seems reasonable for the most part. If you read the misc mailing list, I think you'll find that the people who are getting a rough treatment are those who didn't stop and think for a moment or who are themselves giving bad or unrequested advice.

I only ever had a few email exchanges with Theo. One was a bug report and the other was a few questions for a project I did while studying, but he was friendly and helpful. Even if Theo had been a jerk, that doesn't change the fact that I've gotten a lot of value from OpenBSD in the past, without being asked for anything back, until now.

The closed books don't really bother me, I doubt that Theo or someone at the OpenBSD Foundation is going to run off to Cuba with the money. Maybe we should just accept that the people that they are asking for help are people like me who see a value proposition in: I give them €20 a month and OpenBSD doesn't go away. Only takes 1000 people like me to solve this and surely there has to be 1000 people in the world for whom this is a great deal.


One thing new arrivals should know about OpenBSD: the man pages are good! Really. It took me a while to get out of my linux and windows habits of immediately going to google or a mailing list or a forum when I didn't know how to do something. With OpenBSD, read the man page first. In most cases you won't need any other resources.


We're in a post-NSA revelations world and you're happy to see a project like OpenBSD disappear just because the people behind it aren't nice?


Yes, because other projects will rise in its place run by people with better social skills, and they are more likely to build tools of use to a wider audience, and we'll see wider acceptance of crypto.

I genuinely believe my non-tech friends and family have such a poor approach to security, because the people who have a good approach to developing security tools have such a poor approach towards my non-tech friends and family.


the shortfall on the electric bill is inexplicably $20k

Quick back-of-the-envelope: At $0.12/kWh, the shortfall is about 20kW of continuous power.

Do they have significant HVAC requirements? I don't think I see 20kW of iron in the two racks that get pictured.


For every watt you put in, you need to cool that watt, which requires a high percentage of a second watt. Some of that equipment is almost 20 years old, maybe more. One of those old machines could warm an office back in 1994.

On top of the electricity for the servers and for cooling, there is also maintenance: replacing ancient drives and other system components when they fail (which may require paying out the arse for some gear on eBay), fixing cooling equipment (ever replaced a dead AC unit in your house?), network maintenance and upgrades, internet connection, etc., etc. The list goes on and on. $20K seems reasonable to me. He's not asking for $20MM or even $200K, guys. He's not mining bitcoins. Please be reasonable.


$20k is not inherently unreasonable, but I won't donate if I don't have a better idea of what is going on "behind the curtain", which is why I'm idly musing.


> which requires a high percentage of a second watt.

It requires 1/3 of a watt. For every watt of heat you need 1/3 of a watt of cooling. (For typical A/C's.)


Yes, AC is required. Machines need to be shut down whenever it fails.


If you EVER use OpenSSH for ANYTHING, you can cough up $20 for grumpy Theo.

(I've interacted with Mr deRaadt once. He was perfectly lovely and helpful.)


> If you EVER use OpenSSH for ANYTHING, you can cough up $20 for grumpy Theo.

Theo provides negative value. There are no circumstances (least of all extortion) that would make me give him money or aid of any sort.

> (I've interacted with Mr deRaadt once. He was perfectly lovely and helpful.)

Most of us will never know. His public attitude has ensured that.


If you don't want to aid him, that's quite alright, but I'm not sure how OpenSSH balanced against his abusive comments to select users on mailing lists is somehow a net negative...

It's not like we're talking about Wagner's antisemitism vs his music here!


The code quality and the fact that the maintainer is blunt about problems are not unrelated.


Neither is a project getting shut down because they can't raise money and one of their public faces being a jerk.


I highly doubt they are falling short of cash because of personality issues. I'm going to go with the fact that OpenBSD is much less popular than Linux and more niche, thus has a lot smaller userbase. And an even smaller userbase that is willing to donate money.


There is "opinionated software" and then there is Theo being an intolerable, obnoxious, ego-maniac.

They're more or less the same thing, one is how you see people you like, the other is how you see people that rub you the wrong way.


You're entitled to your view and I won't disagree with some of it ... but shady accounting practices? What are you alleging exactly?


Really, the times I dealt with them they were quite pleasant and helpful.


>So let's deal with the elephant in the room: the OpenBSD project is run by complete and utter jerks

Really? Could you give me an example of that? Because from where I sit, as someone having been around the openbsd world for ~15 years, I don't see it. I see lots of people bitch about it, but never any examples of it actually happening. It is just something people seem to assume will be taken as gospel.


I once offered to help work on some docs to make them a bit more user-friendly because at the time they were quite obtuse. Theo responded with something along the lines of requesting I please go away, as this project doesn't need people like me, and then a liberal sprinkling of lots of rude names and insults suggesting I was from under a rock/an idiot/etc.

I offered help and enthusiasm for the project. He called me a lot of names and suggested OpenBSD wasn't for people who weren't like him.

That's just me. Fine, I'm a big guy, I can take it. But I then watched for months as he did the same to countless other individuals. Newb: "Hey, we could do 'X'" Theo: "No, go away, I hate you", is pretty much the tone.

Then there is the more public stuff. The stuff that is historic but a little larger.

He created OpenBSD because the NetBSD core ousted him for his attitude and demeanour towards other developers.

There is a whole section of his Wikipedia page dedicated to his "Outspokenness" which is a polite way of calling what is actually his "Obnoxiousness":

http://en.wikipedia.org/wiki/Theo_de_Raadt#Outspokenness

Nobody doubts he can write code, and that OpenBSD - and OpenSSH in particular - was a bonus to the open source World, but my point is that he and his inner circle are hostile to the rest of the community who aren't quite like them. It's a clique.

And cliques can't ask outsiders for help once they're established: they made up the rules, and they will live (and die), by those rules.

Theo had a choice: compromise, and be nice to people and understand other people's needs; or, don't compromise and be a bit of a jerk and piss people off but stay true to your own values.

He chose the latter. Fine. He should not be surprised that they are not running to their wallets when he needs $20k for electricity bills to continue running the project in that same way.

I'm not being rude about this, I'm being pragmatic. I don't particularly want to see OpenBSD die, but I can't see many people rushing to save it, and that's because the top hierarchy are perceived as - and are documented as regularly behaving as - complete jerks.

If Theo had been a little more temperate to more people, it's quite likely his $20k (and then some) would have been raised in under an hour. I know some FreeBSD guys have raised similar/larger amounts for smaller projects in the past within a day or two. How? By being nice people that other people want to support.


>I offered help and enthusiasm for the project. He called me a lot of names and suggested OpenBSD wasn't for people who weren't like him.

The mailing lists are all archived. Show me the link. The whole point was I hear bullshit stories all the time, but having been on the lists for over a decade, I know they are bullshit.

>but I can't see many people rushing to save it

Nobody cares what you can see. You just want some excuse to push your weird vendetta. Plenty of people are quite happy with openbsd, don't care about your imaginary problems, and have coughed up the $20k.


Just to make the call to action a little more direct, the donation link is here:

http://www.openbsdfoundation.org/donations.html


Since PayPal won't accept donations from where I live (Japan), here is an alternative way of donating through the Calgary Computer Shop:

https://https.openbsd.org/cgi-bin/order

Having just donated I would like to say that the man pages are wonderful. I like them so much that I have an oman alias and made a quick (and dirty) script to fetch them.

https://github.com/ninjin/ppod/tree/master/hck/openbsd_manpa...

Try them out when coding C or when writing portable shell-scripts, they are a blessing. There is also the official web interface:

http://www.openbsd.org/cgi-bin/man.cgi


Huge +1 to the quality of OBSD man pages being awesome


If the maintainers of that page are around here, I suggest putting some visualization of how close you are to the goal on there. It's amazing how much of a psychological motivator a bar filling up is.


This is a great point. I work on tools that would be perfect for this: Crowdtilt[0] and our open-source tool Crowdhoster[1]. This situation specifically reminds me of a Crowdtilt campaign that launched here on HN after the Internet Archive burned down[2], so I would be very happy to help.

[0]: https://www.crowdtilt.com/

[1]: http://www.crowdhoster.com/

[2]: https://www.crowdtilt.com/campaigns/please-help-the-internet...


Somebody from the Foundation said on misc that they were going to do that.


from the First or Second one?

Sorry, couldn't resist.


Are you working for the Mule?



Jokes seldon get my approval on HN but this one does.


I believe my terrible pun will make you cry, sis.


LOL :)


Thanks, just donated, I use openssh every day so it just makes sense.


Wow. Thanks for bringing this to my attention, I had no idea OpenSSH fell under the OpenBSD umbrella! It certainly makes very good sense for me to donate now!


Most FOSS projects with the name pattern OpenXYZ fall under the OpenBSD umbrella in one way or the other.


Doubtful, it's a really common pattern (opencv, opencollada, OpenOffice, opensolaris etc etc)


Note: OpenXYZ, not OpenSomethingSomething. Anyway, OpenBGPD, OpenOSPFD, OpenNTPD, OpenSMTPD, OpenSSH, OpenIKED. OK, so it's more like OpenABCD and I should probably have written "many" instead of "most". :)


  [scott_s@local ~] history | wc -l
     500
  [scott_s@local ~] history | grep ssh | wc -l
     191

Donated.


Grep has a -c flag :)

    $ history | grep -c ssh
        380

Donated.


Great point. OpenSSH is rock solid and it underpins many, many other projects and businesses.

I don't think it's going too far to say that companies making heavy use of (i.e. profit from) OpenSSH are obligated to donate.


many do by employing the openssh maintainers to do that. it's the best way to contribute to openssh without contributing to theo.


The shell history really ought to have some sort of de-dupe feature. Too many lines of history get taken up by duplicate entries!


Use HISTCONTROL=erasedups in your .bashrc

http://www.gnu.org/software/bash/manual/bashref.html#index-H...


try adding setopt HIST_SAVE_NO_DUPS to your .zshrc

you could also have a look at HIST_FIND_NO_DUPS and HIST_IGNORE_ALL_DUPS (more options at http://zsh.sourceforge.net/Doc/Release/Options.html )

If you still use bash, now is a good time to upgrade to zsh


'Upgrade' and a sourceforge link don't usually go together :-/

I'm a zsh user but am surprised that you guys are still using sourceforge instead of github.


If you use bash, have a look at HISTIGNORE and HISTCONTROL.


Just donated to support the project as well.


Yes, did too. We need things like this to counter the evil clowns that try to take over our internet.


Donated, thanks for openssh the reminder.


Same here. Donated as well.


Maybe they should rename to OpenSSH Foundation then ...


There seems to be a trend that most *BSDs are having donation problems and missed 2013 budgets.

For example [1], [2]

I encourage all to donate to our BSD friends. We all benefit from their work.

[1] https://www.freebsdfoundation.org [2] http://www.netbsd.org/donations/


Makes me wonder, though. There are plenty of fairly large commercial offerings based on those systems. The corporations using them (e.g. Sony, Apple) could probably easily afford a million in donations.


They could, but the license leaves them equally able to say "fuck you very much" on donations or code.


That is the wonders of the BSD license and others that follow the same principles, profit for free from the work of others without giving anything back.


> That is the wonders of the BSD license and others that follow the same principles, profit for free from the work of others without giving anything back.

Does any Open Source license require monetary donations from companies using the code?

Sony and Apple and a lot of other companies using BSD licensed software DO give back -- in the form of code and employing developers to work the projects.


I'd be interested in a list of software that Apple and Sony contributed back to FreeBSD and that is in the ports, do you have such a list? It looks like this is a very asymmetric relationship.


For Apple, there's quite a lot if you're willing to grovel through commits, but at the moment nothing is bigger than Clang/LLVM -- a large chunk of the core team is directly employed by Apple, and with FreeBSD 10 Clang is directly incorporated into the core system. Apple has, at various times, employed other FreeBSD core committers directly. They very quietly have done a lot to support the project.

Sony, IIRC, employed some Japanese committers who were working on ACPI at one point.


A few trees don't make a forest.


Wow, GPL zealots sure are direct with their dishonesty these days.


The FBSD goal for 2011 was 400k (raised 460k). 2012 was for 500k goal. 2013 is 1M goal.

They've raised almost 750k the last time that page was updated.


Off topic, bluekitten it seems you've been hellbanned and your messages show as dead. Looking at your comment history, I can't imagine what triggered it, so if you see this it might be a good idea to send an email to pg.




Done. Reading this is sad.


Thanks done, OpenSSH is an indispensable tool.


Is there any way I can order them some LED lighting gear?


Just donated as well.


Thanks. Made a donation.


Asian donation is negligible?


I don't think so. The foundation probably doesn't have anyone anywhere in Asia with a bank account that can receive Paypal donations. The idea is to save transaction costs, not limit donations to certain parts of the world.



I really love how we keep getting advice.

Anyone want to suggest we hold a bake sale?

It's funny to hear this sort of thing from someone trying to accrue $20k in donations. Yes, many people will give bad advice. No, you don't really get to complain about it when you are asking them for large sums of money.


I guess you don't know Theo de Raadt ;)

The guy is infamous for being one of the most aggressive, sarcastic and trollish OSS developers out there. He's been like that for 20+ years, he's not going to change just because they are 20 grand short.

Part of the success OpenBSD has enjoyed is in fact due to this uncompromising attitude: Theo pushed hard against security-by-obscurity, binary blobs, undocumented proprietary hardware and poor development practices. With openSSH, they pretty much set the bar for security-related programs the world over.

At the same time, Theo's personality routinely drives away a lot of very capable developers and users, which limited the overall popularity OpenBSD could ever reach.


>At the same time, Theo's personality routinely drives away a lot of very capable developers and users, which limited the overall popularity OpenBSD could ever reach.

It would be nice if we could all work in an environment where we could be abrasive as we want and still get paid. But this is life and not many people have that opportunity.

If Theo wants to put up a fight about blobs and proprietary hardware, he should do that. Talking down to people who genuinely agree about his goals and are trying to help is really self destructive.


A couple relevant quotes from the justly famous talk "You and Your Research", by Richard Hamming:

"If you chose to assert your ego in any number of ways, 'I am going to do it my way,' you pay a small steady price throughout the whole of your professional career. And this, over a whole lifetime, adds up to an enormous amount of needless trouble."

"I am not saying you shouldn't make gestures of reform. I am saying that my study of able people is that they don't get themselves committed to that kind of warfare. They play it a little bit and drop it and get on with their work."

http://www.cs.virginia.edu/~robins/YouAndYourResearch.html


> where we could be abrasive as we want and still get paid

If your code is wrong, I'll say it's wrong. I won't say you are an idiot, I won't make comments on your background and I won't judge you when I should be judging your arguments. I'll point out what's wrong and why I think it's so and I'll welcome you if you prove me wrong and adjust my views accordingly.

Excessive abrasiveness is not a good trait for a community leader.


Theo's bad attitude is more the stuff of rumor rather than fact. More than a decade ago, when I first heard about Theo's abrasiveness, I went through nearly every mailing list post he'd ever made looking for the dirt (I was a teenager with time to kill). The end result? A dozen or so flames directed toward people who, in my eyes, seemed to have it coming.

It's a shame people don't talk as much about his tireless dedication to an important but relatively small open source project. He really is one of the true open source heroes.


I was doing CS at U of C same time he was. While I have a lot of respect for him in many areas, and found him entertaining to hang out with at times, there is just no way to overstate how abrasive and how much of an opinionated arrogant asshole he can be. (Something I don't think he'd disagree with.)


It's kind of off-putting, to be honest. This quintessential open-source abrasiveness is fine and dandy until you start asking for cold hard cash.


This. Don't be a dick to people giving you money - customers or donors.

If you can't turn it off, don't be donor facing.


Sure, they should totally just get their PR person on it.

Oh look, now they're asking for $40,000


Is there no one at OpenBSD who can't not be a dick? The situation is more dire than I thought.


From what I can tell the current mentality is: We don't need to accept feature requests or patches to get donors, we could just get more users and sell CDs

"oh Look here's a poor idiot in the Mailing list that didn't become a UNIX expert before asking a question, let's flame the shit out of him."

Alright Let's collect some money. Wanna know why? fuck you it! It just needs to be this way. Wanna help or suggest a solution? fuck you unless it's a check.

How is this system not working?


I'm sure they have their reasons and they've already carefully thought through all of the most common suggestions. The project's been around for awhile.


Frankly, that sounds a lot like an appeal to authority.

"They probably are doing the right thing because they are who they are" isn't really a valid argument.


You must be a hoot at parties.


That's probably true, a simple, polite answer or even a no comment would be far less abrasive. Here's his answer to 'maybe we should evaluate the scope of the project and see if we still need to support VAX':

>Now, If you don't realize this is the reason we try to run on the older platforms, I am sorry but you have really not tried to stay in the loop of what makes OpenBSD a vibrant ecosystem. If you aren't in the loop regarding this, then your mail comes off pretty darn preachy.

>I really love how we keep getting advice.

>Anyone want to suggest we hold a bake sale?

A simple no answer would do. Or maybe just the actual reason he runs the VAX.


You don't need a PR person; you just need someone who's not a dick.


I daresay any of their developers would quickly turn into dicks having to deal with that kind of public exposure.


And that's where disenfranchising non dev types is a real problem. Theo talks about pulling devs to make shirts and stickers and how that's a waste of time, but there are people out there that aren't kernel hackers that love to contribute to something bigger than themselves. No one's good at everything and the OpenBSD persona of being for and including only experts has made them a very lopsided organization with loads of talent but no diversity of skills.

Being nice to stupid people is as much of a skill as hacking up some kernel code.


"Being nice to stupid people is as much of a skill as hacking up some kernel code."

I'd rephrase that as 'finding simple tasks peripheral to the main effort that would allow non-expert people to contribute time to the project without detracting from the main work'.


I'm not saying you're wrong. But we have to get realistic here, OpenBSD is not going to turn into Canonical, not overnight, maybe not ever. I'm sure we would all love for it to suddenly sprout a bedside manner, but it probably won't, and you or me sitting around saying it needs one isn't helpful.

What we can rely on it being is technologically awesome. What else can you say that about? If you try to change the culture of OpenBSD, assuming that's even possible, the quality will inevitably suffer.

Could you honestly say you'd prefer OpenBSD to be more like Ubuntu?


No, I don't want that. But there is a big divide between those two things and having a little help with the business/relations wouldn't make them Canonical. On the other hand there have been years (like 2012 and/or 2011) where there were less than $30-40k donations to the OpenBSD project/foundation. Remove electricity and there's just enough money for nothing. If you want a plausible OS you'll need a couple bucks; it's not an iPhone app. So instead of turning into Canonical, maybe get some help to raise a few hundred thousand so you can run the boxes and have people behind the keyboards.

As for technically awesome, we are talking about a 'modern' OS that has poor support for multiple cores (servers will only have one core -theo), runs poorly inside a hypervisor and doesn't work as a hypervisor. An OS that doesn't support any of the newer types of file systems like zfs or btrfs. These things aren't strictly necessary, but that's kinda where things are headed in the server industry.

The code for the OpenBSD kernel is really clean and simple. It is well audited, but has half the security features of something like linux. This is a great approach if you don't stray too far from the kernel, but if it's not a firewall it might need a browser, java and/or flash.

I think I am being realistic. It doesn't seem crazy that they could go on a fundraising binge, and get/hire some business/PR/fundraising help that allows them to really meet their goals in the future. I'm not talking Canonical money but you know 3-400k to power the servers and pay a couple people. That's a long term solution. We can all donate, and buy our disks but we'll be back here in a year.


We need PR people to devote their time and expertise to open source projects, just as developers do.

We wouldn't even need a very good one. I bet some kid still in school, studying PR, would do a better job than Theo.


>No, you don't really get to complain about it when you are asking them for large sums of money.

Attitudes like this are a big part of why I am far happier to run a for-profit business at near-breakeven than I am running a not-for-profit or cooperative enterprise.

$20K is... rather less than what my RHEL bill would be if I was using RHEL and not CentOS.

I mean, I'm a pretty small shop, and $20K is a lot of money for me (thus I'm using CentOS and not RHEL.) - but by the standards of a whole operating system? twenty grand is small potatoes. Hell, /my/ power bill is rather more than $20K a year.


I think they should hold a bake sale.


I wish they had done an appeal before the end of 2013. I usually do my donations then, when I "close the books" for the year.


From their donation page, donations are not tax-deductible (for individuals at least; businesses may be able to expense them).

Nevertheless, I donated $50 just for the excellent work they do on OpenSSH.


A very rational decision. Nobody else will sell you a comparable product for that price. Is there even a comparable product?


They did:

> Date: 2013-12-17 18:20:48

It just took a month to have this thread on HN (there were others).



  > 20 thousand dollars in electrical expenses [annually?]


> A number of logistical reasons prevents us from moving the machines to another location which might offer space/power for free, so let's not allow the conversation to go that way.

and there's no way that overcoming those logistical reasons would be cheaper than $20,000? at all? okay, well then, I guess that limits your options doesn't it.


Moving many machines and reconfiguring networks and setups is far from 'free'. And as others have said, frequent physical access is a necessity, so the new location would have to be within a commuting distance of the current one if you want your core devs to keep working the way they do.


It certainly seems rather unlikely that moving the machines to another location would reduce the expenses to $0.

I can well imagine that there would be a lot of difficulty in moving a large eclectic collection of old machines into a modern data center, and that such an undertaking might be extremely expensive.


Maybe not to zero, but what about from $0.14/kWh to $0.06/kWh?

(I don't actually know what they currently pay)


The answer is in the second line of your post. We don't know the details of their situation. But somebody who does know says that there are good reasons not to move. Doesn't seem that implausible that he might be right.


I don't think any of us truly have a problem with OpenBSD being unwilling to move their machines. We have a problem with OpenBSD being unwilling to move their machines, offering practically zero explanation why, while simultaneously asking for strangely large sums of money "because they can't move their machines".

If it wasn't for those three elements coming together, we wouldn't give a damn.


"Mom, I need $1000. Right now. For...reasons."


> while simultaneously asking for strangely large sums of money

It's not a strangely large sum for what they need it for.


  > The OpenBSD project uses a lot of electricity for running the
  > development and build machines.  A number of logistical reasons
  > prevents us from moving the machines to another location which might
  > offer space/power for free, so let's not allow the conversation to go
  > that way.

I don't understand this comment. If the choice came down to moving versus shutting down entirely, why is moving an unacceptable answer?


This discussion comes up every time only because some people seem to think OS development is like racking new x86 servers running RHEL.

Many of the machines do not have LOM. They have hardware failures instead. They hang because they get trashed building OpenBSD and ports pretty much 24/7. There is debugging and serial cables going on. Someone needs to push that NMI button and check the LEDs flicker like they should. Reboot them. Constantly update to the latest development version, making them panic quite a bit. Diagnose that. Installation procedure requires console access, monitor adapters, weird keyboards, ... They don't fit in racks properly. There are security concerns. Etc, etc.

It's wrong to think of the machine room as rack space that can be had for cheap somewhere else. It's much more like a lab (with the mad professor living on top, controlling the experiment).


While what you say is correct, Theo's stance on this is still a bit unreasonable. A review should be done to see which systems can be moved or supported by the means of remote power off strips and IP console servers. They should be perfectly willing to move that gear if someone offers them the space. All the Sun SPARC, Alpha and Intel most likely falls into this category. Only systems that someone needs to be physically there to access should be left onsite.

I have donated to OpenBSD a number of times because I believe the project is of great value. In all cases where I used a release (for firewalls mostly) I purchased a CD set.


Maybe he doesn't want anyone else to have physical access (for security).


OpenBSD supports a number of odd and unusual platforms and does builds on them. See http://www.openbsd.org/plat.html. Older hardware can both use a significant amount of electricity and require much more hand-holding than is possible. Virtualization and emulation are not acceptable substitutes because they claim that doing builds on e.g. VAX is one of the best ways to ensure that the code works on VAX as opposed to simply booting on VAX. They also regularly find bugs affecting all platforms that are exacerbated by one particular architecture (think alignment or endianness issues).
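Added example, not part of the thread and not OpenBSD code: a C sketch of the alignment and endianness class of bug the comment above refers to, where a parser passes every test on x86 and only misbehaves on a strict-alignment or big-endian build machine. The record layout, sample bytes and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample record: 1-byte type, 4-byte little-endian length,
 * then payload. The length field starts at offset 1, so it is never
 * 4-byte aligned inside an aligned buffer. */
static const unsigned char sample_rec[] = {
    0x07,                   /* type */
    0x02, 0x01, 0x00, 0x00, /* length = 258, little-endian on the wire */
    0xAA, 0xBB              /* first payload bytes (sample is truncated) */
};

/* Variant 1, the latent bug: cast and dereference.
 * - Misaligned load: undefined behaviour in C. x86 tolerates it; a
 *   strict-alignment CPU raises a bus error instead.
 * - Host-endian read: returns 258 only where host order happens to
 *   match the wire order.
 * Kept for comparison only; nothing in this file calls it. */
uint32_t len_cast(const unsigned char *buf)
{
    return *(const uint32_t *)(buf + 1);
}

/* Variant 2: memcpy removes the alignment problem but still reads in
 * host byte order, so a big-endian host sees 0x02010000, not 258. */
uint32_t len_memcpy_host(const unsigned char *buf)
{
    uint32_t v;
    memcpy(&v, buf + 1, sizeof v);
    return v;
}

/* Variant 3: bounds-checked, byte-wise decode. Correct on any alignment
 * and any host byte order. Returns 0 on success, -1 on short input. */
int len_portable(const unsigned char *buf, size_t n, uint32_t *out)
{
    if (buf == NULL || out == NULL || n < 5)
        return -1;
    *out = (uint32_t)buf[1]
         | ((uint32_t)buf[2] << 8)
         | ((uint32_t)buf[3] << 16)
         | ((uint32_t)buf[4] << 24);
    return 0;
}

/* Reports the byte order of the machine running this code. */
int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

int main(void)
{
    uint32_t len = 0;

    if (len_portable(sample_rec, sizeof sample_rec, &len) != 0) {
        fprintf(stderr, "record too short\n");
        return 1;
    }
    printf("host byte order : %s-endian\n",
           host_is_little_endian() ? "little" : "big");
    printf("portable decode : %lu\n", (unsigned long)len);
    printf("host-order read : %lu\n",
           (unsigned long)len_memcpy_host(sample_rec));
    return 0;
}
```

On a little-endian host both printed values agree, which is why the second variant survives testing there; building and running the same code on a big-endian machine is what exposes the difference.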


OpenBSD's main value is high security standards.

- Is there a significant amount of people with high security standards and an interest in SGI workstation hardware?

- What about people who have high security standards and Sharp Zaurus hardware?

If these groups aren't as important as, say, ARM and x86 users, perhaps it could be worth dropping some of these platforms?


From Theo de Raadt, on-thread:

  On a regular basis, we find real and serious bugs which affect all
  platforms, but they are incidentally made visible on one of the
  platforms we run, following that they are fixed.  It is a harsh
  reality which static and dynamic analysis tools have not yet resolved.


We used to maintain SGI boxes for this same reason but we've pulled back. The main benefit we got from older RISC stuff was that they bitched about unaligned loads. If you are going to support any of those models you need at least one box like that in your cluster. SPARC was faster than MIPS so we kept SPARC.

I think Theo could probably thin down the cluster and still be good but maybe I'm wrong and he'll show up with examples that require all of that hardware. That would be interesting because in our case we've sorted out the problems and rarely see things blow up on the RISC boxen.


I was trying to think of a good way to say exactly this, but he says it better (and more authoritatively) than I ever could. Broad platform support is a significant factor contributing to overall quality in products like *BSD, and it's apparent in looking at the source.


As a longtime OpenBSD fan and advocate, this has always fascinated me. I loved SGIs back in the day but they are slow as shit today and unusable for any kind of modern desktop usage unless all you do is write code in a terminal. These platforms survive in OpenBSD land because somebody still cares enough about them to enjoy hacking on them. There's no point in saying "Drop them!" because the devs working on them probably could care less what the rest of us think.

Personally, I do wish OpenBSD could somehow regain the popularity it once had and that support for modern hardware like 10GBE and scaling PF throughput w/ multi-core CPUs would improve. I don't know what it would take to bring people back.


Why should everyone else pay the 20K to subsidize ancient hardware support? If there really is a subset of people who really really depend on this, then they should be forking up the cash to pay for something that could be had for free elsewhere if support was restricted to 95% of the platforms in use by the vast majority of people.

If there is an argument that maintaining this will somehow improve security overall and not just on ancient hardware then I would love to see it. But if the Devs working on it could care less of what the rest of us think, then maybe those Devs should pay their electricity bills to support their toy platforms because I could care less about what they think too ...


That is the argument. Obscure kernel and driver bugs are frequently only made apparent as edge cases on said ancient weird hardware, but the fixes benefit all platforms from a code-correctness point-of-view.


But many of those old hardware platforms can be emulated. So if their reason of existence is only triggering edge cases, there are other ways to do so.


Actually most can't be emulated because emulators don't exist and those which can typically can't be emulated correctly (Sparc emulators for example which are notoriously sparse and bad quality).

Some of the architectures also have different endianness and incredibly complicated peripherals to the cost effective host machines as well, meaning that it's actually more power efficient to run native. A headless 100MHz VAXstation for example draws less power than the equivalent host that would be required to provide a full, accurate emulation with peripherals. These aren't arcade machines.


OTOH, the preservation of such historically relevant architectures would benefit enormously from emulation. This is an aspect that should get some attention and which could, possibly, open up another funding avenue to the project as a side effect.


Not really. The OS syscall interface, ABI and the fact everything is abstracted via your C compiler normalises the differences between the machines pretty well meaning you only end up dealing with portability issues.

Portability issues are where real hardware benefits. It's where you have battles of unusual register sizes, endianness, host/network order differences, different memory models and memory protection, different performance characteristics, different timings and different exploits.

Unless the emulation is 100% accurate, including timing, which is a really difficult thing to do (look at the effort MAME goes to), then the benefits over real hardware are moot.

Emulators are also expensive to write due to the above, have their own bugs and don't always recreate the bugs in the real hardware (which are sometimes exploitable).


I was thinking about MAME (more specifically, about MESS). If two groups benefit from a single effort, it seems to be a good investment, even if it costs nearly twice as much.

Also, using emulated hardware could cut down the usage of the real pieces, which could then be better studied and preserved. Doing less builds on vintage hardware is, actually, a good idea.


Emulation isn't guaranteed to manifest the same edge case issues that surface these defects, though.

Then again, it's possible that emulation could surface other edge case issues. That's completely orthogonal to the value of non-emulated archaic architectures for this purpose, however.


>There's no point in saying "Drop them!" because the devs working on them probably could care less what the rest of us think.

If it's worse for the rest of the ecosystem, there's a point.


Is that clear? It's not as if when SGIs are taken away, developers' efforts will seamlessly, efficiently shift to amd64. I like to think that "oddities" like SGI are data-points to test against, and help keep abstraction alive by disallowing traps like pretending that everything is an x86.

I'd be interested to hear whether or not this is the case from people closer to such a condition, though (ie: OpenBSD, NetBSD, ???).


If they would rather refuse free hosting and will "not allow the conversation to go that way" then it means they want to keep support for some physical hardware that's hard to find in existing datacenters.

This is like saying "I don't care if my arcade goes out of business, I'm going to keep the power hungry cabinets alive even though they only get used once every 3 years."


"... and unusable for any kind of modern desktop usage unless all you do is write code in a terminal."

Sounds good to me. Many times (actually most times) I have no need for a "desktop" metaphor on my screen in order to get things done. I actually get more big jobs done faster without the desktop metaphor in the way.

"... the devs working on them probably could care less what the rest of us think."

That's what makes them so special.

Perhaps in the long run the most "powerful" and sought after computers will not be the ones with the latest chips, but the ones that the user has the most knowledge of and control over.

Can you imagine the old-timer reminiscing: "Remember when computers didn't have backdoors built-in?" or "Remember when you did not have to pay for a license to write programs for hardware you bought?"


You appear not to realise that SGI hardware contains MIPS CPUs. A large amount of code is shared between these platforms:

http://www.openbsd.org/sgi.html http://www.openbsd.org/octeon.html http://www.openbsd.org/loongson.html

A mips32 port would also be very desirable for all those shitty little routers with their ancient Linux kernel, but sadly nobody is working on that at the moment.

So, should the network and firewall OS that many people claim OpenBSD is, slash its support for MIPS devices?


There's probably a few hobbyists that still use SGIs. Octeon is mostly commercial vendors, who could pay for all of OpenBSD's needs out of their fancy executive toilet paper budget. And there's one OpenBSD hacker who uses Loongson, even GNU cult leaders use GNU/Linux on Loongson instead.


More than one OpenBSD hacker used loongson


If you want to support MIPS for embedded applications then loongson is one of the fastest and cheapest ways to run stuff right now.


How's availability outside of China? I'm not finding many of these systems in the US.


I don't know about the US but there is a place in the Netherlands that says they have netbooks and small systems in stock.


Good point, I didn't know MIPS is still used in the embedded space, I thought it was all ARM these days.

But OpenBSD could be testing on an embedded MIPS development device at any data center they want.


MIPS is on the rise again as recent SoCs are more power efficient than ARM. I don't have a source for this unfortunately.

Sony Bravia EX series televisions are MIPS and Linux based for example.


It's not power efficiency, it's money.

MIPS SoC licensing is less expensive than ARM licensing at the smaller volumes inherent in low-end routers (vs. phones and tablets).


The important part of sdkmvx's comment is that those SGI workstations help find bugs that also affect x86 users. The more diverse ecosystem makes it easier to reliably detect and reproduce tricky race conditions, endianness bugs or memory management mistakes.


But if the project stops keeping obsolete build machines around, they would save on electricity bills. Hackers could still hack, they just wouldn't be killing the project with legacy support costs.


Read further into the thread -- specifically the messages from asshat Theo. He is absolutely opposed to anything like that.


http://marc.info/?l=openbsd-tech&m=138973312304511&w=2

"I really love how we keep getting advice. Anyone want to suggest we hold a bake sale?"


I think if you're openly soliciting donations under the premise that they're essential to keeping the project running at all, you can put up with the people you're trying to get money out of asking questions to ensure that the money you're asking for really is as needed as you say it is.


Not Theo.

He clearly says things like "that's not up for discussion", "I'm not going into details", etc.

If anyone ever truly deserved the title BDFL...


I think if you ever use OpenSSH for anything whatsoever, you can put up with a grumpy Theo.


Especially since he is almost always technically correct--the best kind of correct.

What OpenBSD foundation really needs is a tactful and charismatic person to act as firewall and pf between Theo and the people with overflowing bank accounts, who are more accustomed to dealing with obsequious salesdroids than a person who is not only ten times smarter than their entire golf group put together, but also so aware of it that he cannot hide how much of a waste of time it is for him to suck up to any one of them, no matter how much he could use the cash.

Do you think Apple would have gone anywhere if Wozniak was the one talking to all the investors?


No, what OpenBSD needs is a broader FOSS community that doesn't turn every bump in the road into a referendum on bruised feelings from years ago, and recognizes its indebtedness. I type 'ssh' how many times a day?

Not that I don't understand those feelings. I've spent enough time lurking on openbsd-misc to have seen Theo and friends be beastly. But never without some provocation. And one might wish better impulse control on any number of online personalities.

(And if you find this rude, note that I'm not involved with OpenBSD -- not even on the mailing list anymore -- so blame me, not 'the OpenBSD community'.)


I'm not sure the "B" applies, unless it's from the same acronym as BOFH.


I may or may not agree with you, but don't call people asshats on HN.


He's earned it. He is however technically excellent.


Except, Sharp Zaurus is ARM.


There's generic rack mountable ARM boxes. They don't need a Zaurus in their datacenter.


I don't see why they're proposing an all-or-none situation when they could choose to move and in doing so, limit the number of platforms they support. If anyone complains about a specific platform being dropped, well have them pay for the overhead associated with it.


Theo says it's because if they drop $platform, they'll lose the devs that like working on $platform who quite possibly work on @other_platforms as well.


So Theo would rather shut down instead?

Change is hard, but I think it's worth a shot. And you never know maybe spending more time focused on real needs will create a better product from all the extra attention given to things that are work worthy.


Realize that funding for OpenBSD has been an ongoing problem for decades now. Theo would like to focus exclusively on managing the project, but instead he has to keep dropping everything to deal with the funding problem.

And, the OpenBSD development team has contributed a lot to the software community, so it's extra frustrating not to get enough support back.

I'd expect that at some point it just stops being a fight you want to keep fighting.


I've seen a picture posted on Slashdot of how their server rack looks. There are many very old machines, I am sure that at least one reason is fear that they break during transportation.

Found it: http://www.openbsd.org/images/rack2009.jpg


Why not move the machines, and if the Amiga breaks down and they can't find a replacement, end Amiga support? I mean, that's not a wonderful outcome, but what would you prefer to see given the following options?

a) Shut down OpenBSD

b) Shut down Amiga support in OpenBSD

I mean, is it even a hard choice?

Besides, if there are many developers who like developing for Amiga, surely they would be able to find a replacement?


The Amiga port isn't live. It hasn't been maintained for a while IIRC.

There are two important points that shouldn't be forgotten about aggressively pushing cross-platform: it retains developers and exposes bugs. There's a great deal of usefulness behind it, beyond simply making it obvious that the workstations we get today are shit.


Ok, Amiga was just an example I pulled off the top of my head.

I am not suggesting all legacy platforms need to be cut. I'm suggesting that it's possibly an acceptable risk, and also if a replacement UltraSPARC simply cannot be sourced, there can't be that many developers working on UltraSPARC anyway. (Just as an example)


Or hidden option c): ask people to donate money.


Well, yes, clearly. But it's been a month since the initial ask, and this sort of "threat":

> the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on.

suggests the necessary $20k (cash) has not been forthcoming.

P.S. I understand it's not a threat in the sense of ransom etc, but the most correct word is not coming to my mind.


I completely agree with your association. In my view OpenBSD is very plainly holding itself hostage for $20,000 cash and expecting everyone to accommodate them.


Oh, right, I've seen this movie before. [1]

[1] http://www.youtube.com/watch?v=Z_JOGmXpe5I


It's game theory.

All three options exist, but the maintainers pretending that option b doesn't exist at this point in time increases the probability that option c will succeed.

If the pretense doesn't work, be very much assured that they will go with option b.


That image has been present on the lower right corner of the openbsd homepage for a long time. Given the name of the image, I imagine it's been present since at least 2009, but my (fuzzy) memory wants me to believe there has been an image of a rack there even before then.


Am I the only one who wants to organize and clean up those racks? :)


The collection of stuff in between the racks is making my neck itch.


Huh, no Sun4/470? I wonder what happened to the one Theo got from me. Too slow I guess but it was a fun machine back in the day.


The AC instructions note made me smile.

It reminded me of a post-it I left in the company lab with a diagram for how to do proper gigabit cross-overs. I could still find it there five years later after they rearranged the lab several times.


I thought most (if not all) gigabit Ethernet implementations auto-detect host-to-host connections and handle the crossover for you.


They all do now, but it's still an optional element of the standard.


It was optional in 100Mbit. In gigabit, it is mandatory.


"Automatic MDI/MDI-X Configuration is intended to eliminate the need for crossover cables between similar devices. Implementation of an automatic MDI/MDI-X configuration is optional for 1000BASE-T devices. The assignment of pin-outs for a 1000BASE-T crossover function cable is shown in Table 40-12 in 40.8."

Here's a link that does not require IEEEXplore access: http://www.scribd.com/doc/46141801/802-3ab-1999


I say, I stand corrected. I was sure I read the opposite somewhere, but I would not dream of contesting your reference.


They do. Maybe he meant 100BASE-T4.


There must be more to it than that. Two racks aren't using $20k in electricity.


> why is moving an unacceptable answer

It seems likely that they don't trust anyone else to have physical access to the machines for security reasons. Their threat model probably includes national governments.


A somewhat related note about branding.

My first "real" job was in the mid-90's; I was the first technical hire at a small Chicago ISP (EnterAct) that grew into a relatively large ISP (when I left, we were default-free peered to several tier-1 providers and had more POPs than I can name). It was great, and the team that started it --- two Big-5 accounting firm programmers --- was inspiring, particularly when it came to business strategy.

Anyways, very early on, EnterAct managed to maneuver into a reputation for premium customer support. We got that reputation by doing some concrete things differently than our competitors: we staffed an appropriate number of CSRs, trained them to be nice to customers, did a lot of gratuitous tech support for basic computer problems, and were flexible about resolving billing disputes. Sadly, a lot of those things were differentiators at the time. A couple years in and we were essentially able to hang "best customer support" on our list of features, and eventually we became the most popular ISP in Chicago largely based on that.

But something I came to notice pretty quickly: the things we were doing to earn that support reputation stopped being empirical differentiators pretty quickly. Our largest competitor, run by Karl Denninger, did us a continuing series of favors by pissing off their customers. But other large regional ISPs pretty quickly learned not to set fire to their customer base, and, by the end, I think our customer service was pretty much at par for the whole area; we were no longer truly different based on support. The reputation, however, never left.

That observation has stuck with me for my entire career. I think about it all the time. It's banal, I know: "early impressions count a lot", but there's a little more to it than that: you can weaponize an early impression by turning it into your market positioning and having some message discipline.

I left EnterAct for a job in Calgary with a company called Secure Networks (SNI), doing development and security research. For the year prior to leaving EnterAct, I had also been working with the OpenBSD project, mostly by writing all their security advisories, but also doing a bit of part-time security research. SNI operated the world's first commercial vulnerability research team, and had a very close relationship with Theo; we had a full time employee who had essentially led the first OpenBSD security audit. I went drinking with Theo many times, and vividly remember hanging out in his basement with Tim Newsham eating bad pizza and trying to find vulnerabilities in Daniel Bernstein's qmail (we found one that would work if integers were 128 bits, but ironically missed the LP64 bugs that Georgi Guninski found; it was 1997, though).

This is all a long prelude to a simple point, which is that I think OpenBSD's reputation for security works in a very similar way to how EnterAct's reputation worked. OpenBSD started doing something very different than FreeBSD, Linux, and (particularly) NetBSD: they did an OS-wide audit for vulnerabilities, and aggressively fixed apparent bugs whether or not we could demonstrate that they were exploitable. That was a great move. But it was so obviously great that pretty much everyone (with the possible exception of NetBSD) quickly adopted the practice.

Among security research insiders, OpenBSD's reputation became a little bit farcical. Not that OpenBSD was comically insecure --- it wasn't --- but that its reputation so far outstripped its actual differentiation. People found a bunch of vulnerabilities in OpenBSD and laughed as the claim at the top of the OpenBSD changed from "no vulnerabilities" to "no remotely exploitable vulnerabilities in the default install".

And at some point in the last 10 years, didn't OpenBSD's distro servers get owned up?

I'm sure the OpenBSD project would like its threat model to include NSA. But OpenBSD is not a meaningful ally in a contest between you and NSA. NSA wins that fight. OpenBSD's userland was much stronger than FreeBSD's in 1999, but I'm not sure I think their kernel is stronger in 2013, and that's probably what matters more.

Let me wind this bloviation up with a caveat: one thing a reputation for security gets you is a feed of talent that is interested in working on security problems. OpenBSD certainly got that. So for instance, OpenBSD's developers designed and built privilege-separated OpenSSH. There is a lot of good security work that has started inside the OpenBSD project, and I don't mean to talk any of that stuff down. I'd just be careful about taking the project's overall reputation to the bank, especially if you have serious adversaries.

Sorry for hanging this sprawling comment off your (simpler) point; I just don't want the root comment on the thread to be me talking down OpenBSD.


I know OpenBSD's reputation is primarily security, but I use it for a different reason. It's simple, stable, and doesn't break.

Back when I was in high school and I had a lot of free time and all that, the various incarnations of Linux were a delight. Even after that, I still went with it out of inertia and spent many evenings tweaking Gentoo.

I eventually just goddamn gave up. I got sick of every upgrade breaking something in my system and then especially got sick of deciding between figuring out how to use wpa_supplicant and installing NetworkManager which screws up my network settings as soon as I plug in the Ethernet cable while I'm still on my wireless. In a flight of rage I thought ok, I've had enough of this crap, and went the OpenBSD route.

Seriously, it has all the nice parts of Plan 9 while still actually being able to run all the tools I need. I still have Linux and Windows boxes for the odd tools that don't work on anything else (I do embedded systems for a living, and there's a lot of vendor lockdown there), but for my day-to-day workstation, I found nothing better.


Similar story. Signed up to post this :)

In 2009, our development team lost a whole 10 hours to a degraded Linux mdadm RAID1 that wouldn't rebuild due to an obscure error after a digger severed our power and internet connection. No internet access as power came up first so no access to online help. mdadm is buggy. Documentation sucks. Error messages suck. Only recourse was a full restore from tape which took a long time. This was the last straw after over a decade of dealing with this crap from network dropouts, laziness, half-arsed features, distro wars, politics and churn.

Some previous Unix experience in the late 1990s with OpenBSD on an old SparcStation 5 (the only thing that would run on that machine nicely) jumped into my mind on the way home. It had that warm, fuzzy, well-engineered, well-documented feeling about it, like an old HP RPN calculator. Got home, downloaded it and installed it on my laptop, replacing Ubuntu.

4 years down the line: one happy person with the same laptop running 5.4 still with that warm, fuzzy, well-engineered, well-documented feeling.

Not once has it let me down. Not for a minute in the 4000+ hours I've been using it. It just works.


And OpenBSD has the best-written man pages in all of Unix.

When I got thrown in the deep end with Solaris, many years ago, I'd read the Solaris man page for the options, but first I'd read the OpenBSD man page to work out what the hell the command was for and why.


Yes, that's an important point. The Linux manpages are a joke, they're half useless almost all the time.


The most offensive man pages are GNU project pages that effectively say, "for real documentation read the info page". Which, as someone that can never remember how to use info, is frustrating and just serves to piss me off...my first thought is "and a big fuck you to you, too". And then I look it up online so I don't have to read how to use info before I can read how to use the command I was looking for docs on.

I don't know if this is common practice anymore...I don't remember the last time I saw a defective man page like this, but I still remember it with great anger. I love GNU, but I hate the kind of condescension it takes to try to force someone to use a different tool because you believe it to be superior to the standard tool (when it's really not; I find info pages to be obtuse to create, and difficult to read).


GNU's stance on man pages is entirely correct! For real documentation, read the info page, but you rarely want real documentation, you just want a quick example or the command-line invocation syntax, or what a particular argument does. And 99% of the time, that will be in a man page.

The problem lies when you want to find something 1% of the time, and it's here that man pages become sprawling unindexed messes. For example, take a look at the man pages for perl or zsh: you'll have no chance finding anything, as those programs are so large that they need a wealth of documentation to go into them. At the same time, the info page for ls contains the things you rarely need to see such as exactly how things are sorted or the minute details of timestamp formatting. If this were all in the man page, you'd complain that you couldn't find anything in it.


I don't know, I always found the perl and zsh man pages to be rather pleasant. They were sprawling, sure, but having long ago given up on brevity, they have no fear of meticulously describing how a feature or flag works. And they're just man pages, so you don't need to read the manual-for-the-manual first like I always find myself doing when I'm forced to use info.


I was like you once, then I learned you could do e.g.: info coreutils|less

Now I no longer have anger management issues


Wow, thanks for the tip. I will never have to use info again!


Well that sure is handy. Hopefully I'll remember that next time.


Info pages are hypertext, and because of that they are better suited for a complete manual for a complex program than man pages.

But we have other hypertext formats available. It'd be better if GNU started using some format that everybody already uses and knows how to write.


This fundamentally goes against the Unix philosophy though which is to provide small well-defined parts from which you can construct a complete solution from.

If you need a complex manual for a complex program, something is wrong.


"GNU's Not Unix."


What does this even mean? The name GNU itself is a joke.

I mean, the project wants to create an operating system that looks like UNIX, acts like UNIX, smells like UNIX, but from scratch with appropriate license that allows usage and access to source to anyone - so that the project doesn't get into legal trouble from whoever actually owns UNIX?

So drunk Stallman in 1981 says: "hik, let's call this, hik operhikating system GNU, hik, because it's not UNIX hik, but it sure looks like one, hik, but it's not, hik, but it kinda is hik, but it's not theirs hik it's everyone's hik". That's how I like to imagine it happened.


Which is probably the greatest problem with it.


info pages are yet another artifact of RMS's sad devotion to ITS and other dead environments.


This was my impression as well after using OpenBSD, and when I pointed that out a while back on HN, it was pointed out that the core linux manpages have gotten much, much better in many cases[1]. In that respect, it may be another example of the GP comment.

1: My go-to example was always ifconfig, but linux's manpage for ip(8) really isn't that bad, as is actually the linux equivalent. Quality probably varies quite a bit based on the package that supplies the utility though, while OpenBSD's quality is fairly universal.


I wonder where the best place to report manpage bugs to is - for things like the builtin commands that may not have a single upstream. Does Ubuntu pull in a manpage update from Fedora? What about the other way around?


If it is a GNU utility, the man page usually contains a bug report link. AFAICT GNU is the upstream for all their documentation.


What parts of Plan 9 are you referring to?


Only subjective, but technical ones. Simplicity and stability of well-integrated userspace tools, sane defaults, good portability.


"...and installing NetworkManager which screws up my network settings as soon as I plug in the Ethernet cable while I'm still on my wireless."

Any bug numbers? I'm not seeing that on Debian Wheezy or CentOS.

But I have just ordered a CD set to try this OpenBSD to see what all the fuss is about and to learn something.


It's like you are me, from a couple years ago.


> And at some point in the last 10 years, didn't OpenBSD's distro servers get owned up?

Yes, a cvs bug I believe. No kernel will protect you from bad user-mode code that really wants to execute everybody's shell script.

> Among security research insiders, OpenBSD's reputation became a little bit farcical.

I spent lots of time looking through the OpenBSD Kernel, together with FreeBSD and Linux kernel. It was my job for years, looking for vulns and writing exploits for them.

I still admire the OpenBSD Kernel for their simplicity and tidiness.

No comparison to FreeBSD kernel-side. FreeBSD kernel often has commits of several hundreds of KBs of mostly unaudited code. They still don't enable stack-protection today in 2014. It's a joke. My windows phone had stack protection in 2003.

No comparison to Linux either, the Linux kernel is so huge, so full of code that even if it's way more audited than FreeBSD, there are still vulns lurking everywhere and exploits for linux kernel came out almost monthly. Probably it's the reason it has so many security features, more than OpenBSD nowadays.

Windows, their kernel is a work of art. Microsoft only have to fire the guy that says "hey I got a great idea lets parse some random protocol inside the kernel"

But I digress. OpenBSD is still very good. Very safe in the default install. It will protect your firefox from being owned by a NSA-sized enemy that really wants to hack you? No. But the problem is in the browser, not in the kernel. Don't use a big browser. It's not in the default install :)


> Don't use a big browser. It's not in the default install :)

Missing entirely the point of the parent post. I can claim anything is secure if I seal it in enough concrete.


But the reverse is also true. You cannot realistically claim that anything with over a million lines of code is bug-free.

That may explain why unlike all other operative systems out there, OpenBSD distro gets smaller as time passes.


Thomas, thanks for that comment. If there was a "best of HN", this comment should be a part of it. Good storytelling, a great business lesson tidbit for all of us, interesting technical discussion, and a good reality check.

Well said.

Sorry for my slightly o/t comment.


This is a great observation, I don't think it diminishes OpenBSD at all, anyone wondering if this comment is worth reading, it is :)


> And at some point in the last 10 years, didn't OpenBSD's distro servers get owned up?

Pretty sure that was a solaris box.


Useful info.

Fortunately for me, I never had a CSR interaction with them. I used them until they augured in.

wgl@mcs.com


I don't recall if I stayed to the bitter end, but I started making provisions for a move after I ended up arguing with Karl over whether inbound mail was being corrupted, maybe around the time of a conversion to (from?) maildir.

I think I started when it really was only Karl, was Dawn his first hire? Hmm, I probably still have the t-shirt as well.

ajm@mcs.com (or .net)


Ah, yes, you are right--it was .net.

And that was my shortest email ever--11 characters complete.


Have you seen this? ruBSD last year http://www.openbsd.org/papers/ru13-deraadt


Totally off-topic, but I remember those days. At some point, I got a copy of my customer record and saw "MCS bailers" in the referral field. Got a good chuckle over that. I don't even remember what KD did, but I remember choosing EnterAct because you were one of the last ISPs in the area that offered a dial-up shell. That was in the days when I had a Commodore 128 set up in my home office to mess around on.


Ahh, the good old days.


It's possible, but without any kind of answer we are all just guessing.


Why not just do what Linus Torvalds does and simply trust his hash function? For anyone to tamper with the Linux kernel sources and have him not notice they'd have to generate a SHA-256 collision and somehow get this change past thousands of clones of the repository.


Interesting thought. I wonder what precautions are taken w/r/t Linux?


Seriously? What's not to understand? He said they had reasons that prevent them from moving and didn't want to discuss it further. Why push it?

Isn't he in a better position to decide what's unacceptable than you are?


If he's asking for money from me, I would like to know why it's not an option. The root of the issue being raised is power/space, so I'd definitely want to know why I'm forking up for something the project could potentially get for free.

It's not a big deal, and I don't expect him to go into detail. He just won't get a cent from me without elaborating, and that's OK. I'm not mad, and I understand he has misgivings. I just don't think that answer is acceptable enough for me to donate, but that's my subjective opinion (and not everyone else's).


If you're asking for help and you have constraints, you better qualify those constraints in a way that builds confidence.

The more transparency you have in your discussion, the more supportive people will be.


> The more transparency you have in your discussion, the more supportive people will be.

I think that's total, obvious nonsense and if you need to be convinced, here's an exercise: consider how much money the average nonprofit would raise if people knew where all that money went.


You mean like publishing accounts? Maybe even including salaries for the highly paid people?

Because every US nonprofit is required by law to do that. You can browse it all on line: http://foundationcenter.org/findfunders/990finder/


That is a nice tool, thanks. Someone else posted something similar recently and it wanted to charge $250 for membership or something like that.

The web is bringing a lot of good transparency to nonprofits but there's still a lot of repugnant wastefulness and avarice that often isn't captured well by a 990 form. (publishing salaries is pretty huge, though)

I stand by my point that the more a person learns about the average charity the less they're going to want to donate... transparency doesn't magically lead to supportiveness. And wanting a project to account for every watt of electricity is just completely silly.

edit: transparency is a way for better charities to look good relative to poor ones, yes, but all things being equal, it's a negative for fundraising: as with business and government, a lot of what goes on in ANY organization is ugly to look at and is bound to turn some people off. (none of that is an argument against transparency itself, let's just not kid ourselves about its usefulness for raising money)


The more transparency there is, the better the legitimate charities look and the less likely people are to throw money at what turn out to be obvious scams.

Transparency is critical.


I get your point, but I think you're generally wrong. My criterion around that for donating is not, "Is this place perfect?" but "Is this place materially more screwed up than any other organization?"

I'm sure there are some people with unrealistic standards that would not donate at all. And I'm sure that there are plenty of organizations that take advantage of a lack of transparency to do dubious things. But the solution to that is more transparency. And more analysis of the transparent information, so that people can easily contextualize it.


OpenBSD is developed and released in Canada. I'm not sure if they are a US non-profit or not so maybe these laws don't apply.


Which is the point exactly. People DO have confidence in the nonprofits they donate to. It might not be warranted at all, but the nonprofit has actively built confidence for their audience.


The average nonprofit isn't worthy of the money they get so unless you are trying to say OpenBSD is not worthy of the money and the only way they can get it is to hide the details then I don't get what your point is.


Probably, but then again if he wants my money he better explain why he needs it and how he's going to spend it, doesn't he?

That being said since OpenBSD is all about security maybe that's the reason they don't want to move the servers to some place where they won't be able to monitor physical access to the machines. That's pure speculation though.


If I'm donating I would like to know exactly where the money is going, and what options have already been explored. OpenBSD should have referenced, full documentation about these things if they want to maximize donations.

Apparently, there isn't very much documentation/open accounting, and they aren't willing to discuss options to reduce the bill. That doesn't inspire confidence.


> Apparently, there isn't very much documentation/open accounting, and they aren't willing to discuss options to reduce the bill. That doesn't inspire confidence.

It is a lot of work for a small team to itemize and publish every expense, but some rough breakdown of monthly expenses that my donation would be going towards would really help.


If their books are clean, this is actually pretty easy. Just pulling an annual operating budget should be much easier, if they have good financial practices and controls in place.


If they know they need $20k, they must have arrived at that number somehow. Publishing that estimation would be a good start.


They're not looking for a lot of smaller donators in this specific instance (although I'm sure it's appreciated), but rather one large Canadian company to foot the bill and on that company's books for accounting purposes.


And suppose OpenBSD wanted to know exactly wtf you were planning on doing with OpenSSH after you downloaded it... what servers are you planning to connect to, what keys are you planning on using? You know, if you're going to use OpenSSH they want to know exactly what for. Just leeching off the project doesn't inspire confidence.

OpenBSD releases quality software that all of us use EVERY SINGLE DAY. As far as I'm concerned, Theo can take the money and buy a yacht with it as long as they keep doing what they are doing.


Yes, he can (and probably should) buy a yacht. What you're missing though is that by not being transparent they miss out on a lot more contributors. So it's not a super smart move.

Also keep in mind that a lot of contributors might not use OpenBSD, yet they might be interested in offering some small amount if they believe it's for a good cause and they know where that money is going.


...there isn't very much documentation/open accounting...

So your feeling is similar to that toward a homeless dude? You'll give him a sandwich but not cash? If they're saying power is the shortfall, maybe we just need to buy them some solar panels or wind generators or something.


These costs are not much versus the costs of hiring developers.


Not sure how much they are hiring developers. They said the number they need annually is more in line with $150,000. I'm not sure if that's in addition to current donations or total but you wouldn't be hiring many devs with $150k - $20k for power- wherever Theo needs.


Especially if the fate of OpenBSD as it stands is hanging in the balance. Depending on who is offering, this may be because of the uncertainty of whatever arrangement is being proposed. For example, if a smaller company or an individual offers to foot the bill, what happens if the company/individual later has a budget crunch of their own, or decides to cut ties?

Of course, if an IBM/Apple/Google/etc offers space/power, it may be a less risky proposition.


I'm pretty sure that a lot of the older hardware at least requires some degree of hands-on administration. Rebuilding and testing a new kernel on a VAX with no remote administration features would slow things down. Having stuff easily available makes a lot of sense to me.


Not likely. Everything of that sort has a simple serial console port.


Sorry, forgot about that. Still, it's not a nice way of managing a server.


Because Theo.

