
An open letter to Andrew Tanenbaum - sidcool
https://medium.com/@salvoadriano/an-open-letter-to-andrew-tanenbaum-883e1abe692a
======
s_dev
Sounds like he's blaming Tanebaum for choosing a liberal licence. The same
licence that allows millions to freely download and mess with Minix.

He's criticising Minix for exactly the reason he cites Minix being great --
it's open and free.

If someone wishes to use FOSS for negative purposes -- it certainly isn't
within the FOSS community to stop them.

~~~
bachmeier
"Sounds like he's blaming Tanebaum for choosing a liberal licence. The same
licence that allows millions to freely download and mess with Minix."

The first sentence doesn't have much to do with the second. You can use a free
license that doesn't allow Intel to do what they have done.

"If someone wishes to use FOSS for negative purposes -- it certainly isn't
within the FOSS community to stop them."

That's an odd statement. If I write software, I can do whatever I want with
it. If I want to prevent something I view as evil or want to prevent corporate
freeloading, that's not for the "FOSS community" to decide.

~~~
votepaunchy
> You can use a free license that doesn't allow Intel to do what they have
> done.

Would Linux's GPLv2 have prevented this circumstance? The kernel community has
refused to adopt GPLv3 which would have prevented any "tivoization" [0].

[0]
[https://en.wikipedia.org/wiki/GNU_General_Public_License#Ver...](https://en.wikipedia.org/wiki/GNU_General_Public_License#Version_3)

~~~
bachmeier
It wouldn't. But that's not the only alternative. I was responding to the
claim that the ability of others "to freely download and mess with Minix"
requires a license that lets Intel do what it did. That claim is incorrect.

------
wjnc
Minix is BSD-licensed. Don't blame the creator for the actions of the
licensee. Intels ME is Just that: Intels. Tanenbaum did a one-up on Linus and
intentionally left out politics. Not every outing should be politics.

~~~
calcifer
> Don't blame the creator for the actions of the licensee.

The creator had the option to choose a license that could have prevented this
exact situation. The fact that he didn't, and is perfectly happy with Intel's
usage (since he helped them) seems like enough reason to assign blame.

~~~
akerl_
What license could he have used that would have prevented the thing Intel did?

Lets pretend we've rewound the clock and MINIX is GPL licensed. Intel decides
they want to write a low-level system that controls their hardware that the
user can't modify.

They decide to base it on MINIX, so they start from MINIX, and at various
points lets assume they customize MINIX's code to make it do what they want
(this is questionable, since it seems like many of the things they wanted got
published upstream when they asked Tanenbaum to make those changes). At some
point, they think "let's also add a backdoor for ourselves/NSA/whatever", so
they write a separate daemon to run on their little embedded system to do
that.

Per the GPL, they publish sources for their modified MINIX, and every person
who runs Intel hardware gets a copy of the source for MINIX, but not for the
separate daemon, which Intel doesn't need to GPL. The chip doesn't need to
allow users to replace or change the install Intel is baking onto it.

Now users know they're running MINIX, where they didn't before. They still
can't see what custom code runs in the daemon Intel wrote, nor can they change
or disable the running MINIX install.

What has been improved in this case by Tanenbaum hypothetically changing his
licensing choice?

~~~
calcifer
> Per the GPL, they publish sources for their modified MINIX, and every person
> who runs Intel hardware gets a copy of the source for MINIX, but not for the
> separate daemon, which Intel doesn't need to GPL.

Actually, there is still controversy surrounding this since there has never
been a GPL court case about what exactly counts as a derivative work. There
are similiar concerns around proprietary Linux modules that interface with
GPL'd kernel interfaces.

> What license could he have used that would have prevented the thing Intel
> did?

He could have chosen the JSON approach to licensing [0].

[0] [http://www.json.org/license.html](http://www.json.org/license.html)

~~~
eesmith
I believe akerl_ means "separate daemon" in about the same way that an Oracle
database server runs on top of the Linux kernel. There is no code sharing
(outside of permitted uses of header files), so copyright is not involved, so
there is no GPL issue.

That is, the "separate daemon" really is _separate_ from the kernel.

------
bachmeier
"We have to reassert and remind big corporations that end-user freedom is the
only freedom that matters. More than any license debate"

Actually, the license debate is the full extent of the debate over end-user
freedom. It's the only tool someone writing software has to guarantee end-user
freedom.

------
ksk
>Your operating system is being used by Intel to, potentially, take full
control of any machine powered by their chips.

I would phrase it differently.

"Intel has developed a product, which they sell (to anyone), to allow
companies to manage their computers so that you can do things like re-image
machines remotely, change BIOS settings, etc"

I honestly can't understand the mass hysteria around this. As a 'de-facto'
sys-admin in a small company, I find this immensely useful.

~~~
goalieca
This feature is also a security problem. Putting on my engineering hat, this
stinks!

I understand the needs of IT, but many ´helpful’ IT tools I’ve seen installed
over the years on corporate computers have been making things less secure and
not more

Edit: fixed spellings

~~~
tetraca
I wouldn't care at all if it would be a separate feature that could be
inserted at an IT department's discretion into corporate boxes. They can be
the Staasi for all I care; it's their machines for their purposes. But I don't
want any such chip on my machines and the only way to essentially get away
from it is to fork over $7000 and do all my work on an IBM Power server.

------
mikl
I think it’s a bit naïve to think that Intel wouldn’t have built this thing,
if they didn’t have MINIX as a starting point. They could have used another
open source kernel, or a commercial kernel like QNX, or even built their own
from scratch.

That some people use OSS for nefarious purposes does not mean that we should
stop OSS.

------
ankushnarula
The problem cited is less about the architecture and more about the
implementation. There would be far less consternation if Intel had chosen to
make these components completely transparent and user-replaceable. A truly
open source collaborative effort would likely have mitigated most of the
concern.

On the other hand, Intel might have selected this implementation process
specifically to accelerate delivery of enterprise and OEM requested features
at a time when Intel was dominant and firmware-level security was less of an
issue.

Given the competitive state of the modern volume processor market (mobile and
cloud), it's a safe assumption that Intel will be open to changing their ways.
And if not, AMD or some other company certainly will.

------
maxpert
I think he deviated from topic he should be addressing. A guy like Tanenbaum
should not be exicted or engaged in marketshare debate. His article yesterday
was showing more excitement than his rant over intel keeping it secret and
this article goes the opposite way not addressing real issue. Minix is BSD
license the very same license that lets us tinker with code; choosing license
is not the issue. What I feel happened is that AT finally got a chance to
declare his superiority over Linux or Torvalds I will say and he used that
opportunity (although I don’t believe Intel is still the most used processor
out there let alone minix).

------
peatmoss
Insofar as Tanenbaum's original letter was basically saying "I chose to be
powerless to enforce attribution, but would have appreciated knowing,"
Tanenbaum making a statement about the ethics of the use of Minix would
similarly be a non-binding request.

However, as the creator of Minix, I think going beyond having an amoral
stance, to having an advocacy stance, would be nice.

------
garyfirestorm
Develop a FOSS product and license it so that anyone can use it for free and
modify it and not require to publish the code. (core principle of FOSS
community) But somehow prevent big guys from misusing it. (in this case)

I guess we need laws to prevent this from happening, just like you cannot hide
ingredients on a food packaging, you shouldnt be able to 'hide' software (but
still be able to protect IP rights.) FDA equivalent for silicon chips -
Silicon Valley Administration edit - removed a poor analogy and added ()

~~~
kps
> you shouldnt be able to 'hide' software

The original (4-clause) BSD license includes that.

------
noncoml
Well said. Tanenbaum, with his open-letter, comes out as completely selfish
and vein. The whole world is crying about the privacy implications of Intel’s
actions and all he cares about is not getting enough recognition and credit.

That’s not somebody to look up to.

~~~
analognoise
I thought just the opposite - not histrionic, definitely has the chops,
understood the implications of the license he chose and did not try to cry
foul later.

He's actually done more for open source than almost anyone, now we have the
temerity to say he hasn't done enough in the way we'd like?

That reeks of entitlement mentality from people who don't actually produce
things of value, but have infinite electrons to criticize a giant in the
field.

