Hacker News new | comments | ask | show | jobs | submit login
An Open Letter to Intel (vu.nl)
996 points by varjag on Nov 7, 2017 | hide | past | web | favorite | 363 comments



All Dr. Tanenbaum is saying is that it would have been the classy thing to let him know, nothing more.

Professor Tanenbaum is one of the most respected computer scientists alive, and for Intel to include Minix in their chip and not let him know is kind of unprofessional and not very nice to say the least. That is his only (and quite fair) point.


> and for Intel to include Minix in their chip and not let him know is kind of unprofessional and not very nice to say the least.

I guess Minix' license, which allows this kind of behaviour, is the very reason Intel chose Minix in the first place. I imagine it would be very complicated to get management approval for informing Dr. Tannenbaum about the usage in Intel's ME.

IMHO if he has a problem with the way things worked out, he should have chosen a different license. For example the MIT license requires the copyright and license to be included in distributions.


> IMHO if he has a problem with the way things worked out, he should have chosen a different license.

This is a classic conflation of legalese and ethics/decorum/professional courtesy. Just because something is legal doesn't make it good, and just because something is good doesn't make it legal.

For example, I abhor those who take credit for other peoples' work. But I use a license on software I write that permits folks to do just that.


What license allows one to take credit for another's work?


Any license without required attribution like "The Unlicense" .


That's an extreme reading. If I make a library, don't require attribution, and then you use it in your project without attribution, that's emphatically not the same thing as "taking credit" for my work.


CC0 is another one.


The WTFPL for one.


Sure but polite is often not profitable. Instead make your licenses line up with your wishes. It's another way of saying, "Hey you didn't say you needed it".


The Minix 3 license contains [0]:

    * Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
So it looks like Minix's license does require the copyright/license to be included in distributions.

[0]: https://github.com/Stichting-MINIX-Research-Foundation/minix...


The strict meaning of "Redistributions" in that clause means that Intel would have to be distributing the OS itself as a product in binary form. Deploying it in an embedded system, and selling that embedded system, particularly in a form where the user does not have access to the OS as a product, does not meet that definition. Tanenbaum himself concedes this point in this letter.


This is quite debatable, not something I'd bet a court case on.

One of my libraries with BSD 3-clause license was used in a U.S. government project. It did require particular hardware and couldn't really be deployed by any random user but they honored the mention clause without any prodding on my part.

My Bosch kitchen appliances came with a whole bunch of software licenses for embedded subsystems, even GPL ones. So it seems actual lawyers in a huge international corporation decided it constitutes distribution.


>So it seems actual lawyers in a huge international corporation decided it constitutes distribution.

I mean, they could also just assume that shipping three sheets of paper with each washer is just cheaper than finding out.


…which still supports my point is that it's hardly trivial and clear-cut issue.


GPL3 was practically created to cover this case, as FSF lawyers didn’t feel that GPL2 is enough to enforce that. Check out the TiVoization clause in GPL3 and its history.


No it didn't. GPLv3 was created to cover the case of hardware vendors not allowing to run modified code. They still have to abide by the terms of the license even if they use GPLv2 -- that is, releasing the source code.


I thought GPLv3 was for many issues, not a single issue.

For example, the software-as-a-service loophole that GPLv3 (and AGPL) closes. We actually had an exploitation of said loophole for the open source Space Station 13 game. People were making changes to the game (each server runs their own modifications, and, the game is pure client/server so the entire 'game' is server-side binary only with dumb clients connecting) and some people were making important modifications and not sharing them with the community AND it was intentional because their mods made them the most popular server to play on (because nobody else had the features). It was a big stink, and eventually someone "leaked" the code, but then nobody could tell if that was legal to use or look at and it became a big, confusing legal grey area. All because they didn't start with AGPL or GPLv3 (or some other SaaS-aware license). The original authors probably didn't think anything of it and just thought "GPL is 'good'. So GPL it is." and that was the extent of it.


What you said is irrelevant to the discussed topic. With GPLv2, the hardware vendors must ship source code -- that is, follow the license. GPLv3 doesn't change this fact nor was it created to make this requirement, as it was already present in GPLv2, which is what we discussing.


Aren't BIOS updates (which contain the ME code) considered binary distributions? me_cleaner woudn't work otherwise.

I suppose you could make the argument that the OEMs are the ones distributing the binaries, but they are out there.


IANAL and someone can correct me but I doubt you're right. Every IOT product I've purchased and even my car either has a printed version of open source licenses or you can access them somewhere within their GUIs.


This doesn't make any sense. For the opposite opinion of many lawyers from many companies, see the list of licenses that come with multimedia systems in automobiles or in your smartphone.


Is there case law to back this up?


In

> http://wiki.minix3.org/doku.php?id=faq&s[]=license#what_is_t...

you can read:

"What is the MINIX 3 license?

The MINIX 3 license is a clone of the Berkeley (BSD) license. In plain English, it says you can do whatever you like with the system provided that (1) you agree not to sue us under any conditions, and (2) you keep the credit lines in the source, documentation, and publicity unless other arrangements have been made. Specifically, you are free to modify the source code, redistribute it, incorporate it into commercial products with only the above restrictions."

Note the passage "unless other arrangements have been made". I am pretty sure Intel made such an agreement with the MINIX 3 developers for this reason.


this can be just a footnote in some manual coming with the cpu, which is likely the thing that actually made the information public.


So could he sue Intel for about a billion dollars now?

Also, my guess is this is part "security through obscurity", part Intel not wanting everyone to know that they used someone else's code for its chips' firmware.


IANAL, but assuming this is breaking the licence agreement, wouldn't suing for money only make legal sense if he could show that this infringement had cost him in some way?

Beyond the valid complaint of this being a personal insult, that is.


It does cost him. More people would know of MINIX and more would have heard of its creator. More people would buy his books, hire him for consulting on OS design, etc.


US copyright law lets you sue for either actual damages plus the infringer's profits OR statutory damages.

https://www.law.cornell.edu/uscode/text/17/504


The first good faith claim to do is to notice Intel to add the copyright notice.


It's rather late now, though, considering it's been around for years now without anyone knowing exactly because they did not include that copyright notice.

I have no idea what copyright law says about damages in a case where the infringing party tries to keep their large-scale infringement secret.


The statutory damages option discussed above does not require a showing of actualy damages. It's just x dollars times the number of instances of infringement. Also, while delay in providing notice of infringement can work against the copyright owner, in this case, because Intel is a sophisticated party (i.e., big company with many in house lawyers and outside law firms advising them), the delay in making a claim would likely not help Intel's case.


He did cover those points in the letter:

> I guess Minix' license, which allows this kind of behaviour, is the very reason Intel chose Minix in the first place. I imagine it would be very complicated to get management approval for informing Dr. Tannenbaum about the usage in Intel's ME.

Tanenbaum: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes run in, etc. My understanding, however, is that the small size and modular microkernel structure were the primary attractions.

> MHO if he has a problem with the way things worked out, he should have chosen a different license.

Tanenbaum: I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

Tanenbaum: The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

-----

All in all, I think Tanenbaum's open letter is partly an exercise in self promotion and partly venting a little frustration that his work has gone uncredited given the scale of its deployment. I might be reading between the lines a little here but I also wonder if he's venting little because he dislikes nature of this particular deployment:

Tanenbaum: Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs.


Tanenbaum has clearly been updating and editing his later added note; I saw an earlier version that didn't include the parts in parentheses and a few other parts.


> partly an exercise in self promotion

if so i don't begrudge that, as it's not like intel was saying much about it. :P


He's one of the last people who needs to do self-promotion. Anyone here who studied CS in university probably did so using books Andrew Tanenbaum wrote.


Self promotion?? The guy is a legend!


Lots of other non-GPL FOSS projects suffer a similar situation. Here in Brazil, the Lua creators having a hard time finding out who is using the language as the license permits people to pick it up, patch, distribute without ever saying "hi!". They are always quite happy when they learn about usage in the enterprise, entertaiment and other cool uses.

Companies using such projects should be more courteous, if only to encourage more of such licenses...


There's a difference between publishing with attribution, and informing the original author.


MIT license only states:

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

This is weaker than what is in a BSD license:

> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

That is, BSD license explicitly requires copyright attribution for binaries, while MIT does not.


So ... Intel violated the BSD license?


That is a good point and explains the letter better. Apparently Intel cannot fulfill even minimal attribution requirements and the letter is a polite reminder for the company of its duties.


Which is pretty sad - even most crappy mobile apps have a page where they list all open source projects including links to source, license terms, copyright attributions, etc.


> So ... Intel violated the BSD license?

I wrote in

> https://news.ycombinator.com/item?id=15651860

that the MINIX 3 developers openly say in their FAQ that different agreements with them are possible. I would bet such an agreement exists - I don't believe Intel's lawyers would have tolerated such a legal liability.


Professional courtesy is not legally required. But it would have been the polite thing to do.


BSD 3-clause license requires that as well.


But as clearly indicated in the text, dr. Tannenbaum does not have a problem with how things worked out:

> I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

> The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

> If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modfied code, that's fine with me, too.


They could have sent Dr Tanenbaum MINIX chip #50,000,000 and politely requested he did not make the info public? A small gesture of appreciation I guess?


Nope.

His letter point is clearly about widely(1) known debate(2) between him and Linus Torvalds, and ego massage.

(1) widely, if you arent 25 years old proverbial "javascript developer" ;-) - as the debate took place in 1992.

(2) https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_deb...


It's certainly a joking jab at that debate, and while I'm sure he can appreciate the irony of overtaking Linux this way, stroking his own ego is not what this is about. He doesn't need that.

I think the reason he posts this is that, just like everybody else, he's not happy about Intel secretly introducing a massive security hole in their processors. Telling him they were using Minix on such a massive scale would have been polite, but it would also have informed Tanenbaum that Intel was running a secret OS on their processors.

What Intel did was not only foolish and harmful, it was also impolite. Plenty of people are addressing the foolish and harmful parts already, but the impolite part can only really be addressed by AST.


"stroking his own ego is not what this is about. He doesn't need that."

Forgive me for interjecting politics into this debate, but we all know at this point that there is at least one highly successful egotist in this world who still needs to have his ego stroked on a regular (daily) basis. I admire Tanenbaum and doubt that he fits into this category, but the category does exist.


I honestly can't tell if you mean Trump or Torvalds.


It has to be Torvalds. They said "highly successful".


From your Wikipedia link:

"I would like to close by clearing up a few misconceptions and also correcting a couple of errors. First, I REALLY am not angry with Linus. HONEST. He's not angry with me either. I am not some kind of "sore loser" who feels he has been eclipsed by Linus. MINIX was only a kind of fun hobby for me. I am a professor. I teach and do research and write books and go to conferences and do things professors do. I like my job and my students and my university. [...] I wrote MINIX because I wanted my students to have hands-on experience playing with an operating system. After AT&T forbade teaching from John Lions' book, I decided to write a UNIX-like system for my students to play with. [...] I was not trying to replace GNU/HURD or Berkeley UNIX. Heaven knows, I have said this enough times. I just wanted to show my students and other students how you could write a UNIX-like system using modern technology. A lot of other people wanted a free production UNIX with lots of bells and whistles and wanted to convert MINIX into that. I was dragged along in the maelstrom for a while, but when Linux came along, I was actually relieved that I could go back to professoring. [...] Linus seems to be doing excellent work and I wish him much success in the future.

While writing MINIX was fun, I don't really regard it as the most important thing I have ever done. It was more of a distraction than anything else. The most important thing I have done is produce a number of incredibly good students, especially Ph.D. students. See my home page for the list. They have done great things. I am as proud as a mother hen. To the extent that Linus can be counted as my student, I'm proud of him, too. Professors like it when their students go on to greater glory."


Speaking of ego:

"if you arent 25 years old proverbial "javascript developer" ;-)"

Why is this necessary?


We all need a massage from time to time.


Gotta stroke that grey beard


The same reason Vi versus Emacs internet arguments are necessary.


ed all the way!

[this comment was written in Lynx]


Ed! Ed! Ed is the standard text editor!

https://www.gnu.org/fun/jokes/ed-msg.html


Why is this necessary? It's just a little joke.


I would think qualifying a claim of such scope as "widely known" would be very much necessary.


Is it close to being the most used OS with the IME embedding ? lots of mainstream devices don't use Intel chips...

I'm sure A.Tannenbaum is flattered (and duly so, Minix 3 is very interesting) but I'm feeling he's patting himself on the back here.



Maybe it's a smaller class OS compared to Minix though (even though Tannenbaum didn't specify in his letter)


Exactly. When I see something that my friend has found on facebook and I share it, I always acknowledge them for finding it. It's simply intellectual honesty/courtesy. A "thank you" would have been enough. Intel goofed; hopefully they'll make amends. This has nothing to do with legal requirements or financial compensation.


Learning about something from someone's social media post is completely separate from using someone's copyrighted work...

You have a legal and ethical responsibility to the creator of the work, not to whomever put it in your feed.

Of course, we should credit our grade school teachers each time we do arithmetic - Thanks, Mrs. Ashliman!


I'm not sure I follow you here. When a friend shares an article, for example, the article comes as the owner put it on the web- page, author, etc. When I share that article, I say something like "h/t to kbutler for the find" That give credit in my circle to the person in my circle who found it. It's just a courtesy.


> When I see something that my friend has found on facebook and I share it, I always acknowledge them for finding it. That's suggesting Intel should say, "We're using Minix in our chips - h/t Joe Random who posted about it on Facebook"

The courtesy they owe is to Andrew S. Tanenbaum, the /creator/ of the work they are using, not to some individual who happened to blog about it.


???? I don't even think we're talking about the same thing any more. Prolly should just move on.


This shows the cultural difference between private companies and scientists or open source developers.


People inside these big corps tend to have these exploitative mind, even more than in SMBs, because they have a big name to throw around and that opens almost every door.


So a large corporation does something non-classy. What else is new?


The licensee we're talking about here is a corporation, not a human who feels emotions like gratitude and respect. If he wanted them to be "classy" or "nice," he should have included that as a clause in the software licenses.


For the first time I would have hoped that Prof. Tanenbaum included a backdoor in the MINIX network stack. Now that would be kind of ... cool?


[save]


Wrong thread? Nothing you wrote has any relationship with what GP commented on.


[flagged]


Could you please not be rude to other users here? We're trying to have a civil conversation.

https://news.ycombinator.com/newsguidelines.html


> this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users

I'm sorry, but I don't feel free because of that.

What I see is that I have proprietary code I never saw, never vetted and which I don't (and shouldn't) trust that's running on all my computers (not all, but you can get it) and that I don't have the freedom to remove, examine, modify or replace. There are already a lot of blobs that aren't audited by anyone outside their manufacturers running a lot of basic functionality on my computers. I don't need another blob running on god mode on my CPUs.

So, no. The use of the BSD license here is harming everyone but Intel. Hopefully, we can make it harm Intel if we make it clear (with our purchasing power) it is not cool to force us to run software we don't trust. It only serves to show that the BSD license preserves the freedom of the developers and packagers AT THE EXPENSE of the users.


You're conflating different things. Intel is free to use MINIX which is exactly the freedom the creator of MINIX intended when selecting the license. You are not a party to that transaction.

That Intel uses this software for a purpose you disagree with is immaterial to this discussion. Had MINIX not been available under a permissive license, Intel would have found some other (but presumably more expensive) way to largely achieve the same thing. They did not come up with and implement the management engine because MINIX was BSD licensed.


> You're conflating different things. Intel is free to use MINIX which is exactly the freedom the creator of MINIX intended when selecting the license. You are not a party to that transaction.

We are not a first party in that transaction, but feel very much the consequences. Therefore it does involves others. Most actions have an influence on others and therefore there are responsibilities for the consequences.

If you sell lower quality concrete to a building company which builds a dam that break and kills many people, then you have blood on your hands and should be treated as such, even though you were not a first party in the dam construction.

> That Intel uses this software for a purpose you disagree with is immaterial to this discussion.

It is very much not immaterial. It _might_ be legally irrelevant, but it is not without importance.

> Had MINIX not been available under a permissive license, Intel would have found some other (but presumably more expensive) way to largely achieve the same thing. They did not come up with and implement the management engine because MINIX was BSD licensed.

I hope they need to spend a lot of money and energy and effort for taking others freedom away. The cheaper it is for them, the more likely they do it.


Your beef is with Intel and the ME (specifically, the inability to disable it), not with Dr. Tanenbaum, MINIX or the BSD license. There is no causal chain from these to the Intel ME.

It may feel good to have a target to direct anger at, but it's not the right target and it's counterproductive. Free software, including that under the BSD license, has made computing vastly safer.


[the BSD license] has made computing vastly safer.

You have to at least stop and wonder whether that's true, though.

Your point of view and their point of view are both valid.

Unfortunately, both of you can be right, and we all have to live with that ambiguity.


I don't believe he is conflating anything. The author of the letter puts forward the notion that using the BSD licence was a good decision because it maximised the probability of companies like Intel using it. The commenter is implying that there's nothing particularly good about Intel having the free ability to shove a closed source ME-11 into most of our computers, that using a different licence would have in fact stopped them doing so, and that, contrary to your point, may in fact have led to them releasing the source.

"not party to that transaction" and "immaterial to this discussion" have no place here, we're discussing an open letter and we're free to evaluate his position however we feel. If the author wanted to have a private conversation with Intel he was free to do so.


Right: non-copyleft free software makes it cheaper - and therefore more likely - for companies to screw people.


Tell that to Microsoft, Oracle, SUN, IBM, Novell and SCO.


Non-copyleft proprietary software is even better.


If you are worried about this un-vetted blob, it means you don't trust Intel; if you don't trust Intel, why does it matter that they have this blob running in 'god' mode? They ARE the CPU, so they aren't just god 'mode' they are god itself.

You are trusting the CPU to do what you ask it to do. If intel were to do something shady, they wouldn't need a un-vetted blob of code to do it, they could do it directy in the CPU itself.

I guess my point is that you have to trust the CPU manufacturer, whether they have this code or not.


You are partly correct, but I think you're overlooking some things. I agree that we realistically have to trust Intel that their CPUs will do what the code tells them to. However, in this case they're actually telling us that the ME chip has overriding control over the system, that we can't tell the chip what to do, and that they won't tell us exactly what it's doing at any time or allow inspect the code its running. That isn't the case for their CPUs. This also opens up the possibility of a third party either finding a vulnerability in the code that we don't have access too, or simply gaining access to Intel's code signing keys, and using it to attack our computers. That's possible if the code works as designed, whereas that does not apply to CPUs.


Yeah, I guess my comments was assuming the trust was of the type 'trust not to do something nefarious' rather than 'trust not to have a vulnerability'. You make a good point about the latter being a more serious concern in this case.


Maybe you've got it backwards? Maybe many people trusted Intel until they learned about the ME and how hard it is to switch it off, and the fact that if you switch it off you should use a special flag requested by the NSA that was previously unpublished.

I certainly trust Intel way less than before some of the more fishy details about the Intel ME got out.


Intel's grown so big that you can't just do that anymore. Who's to say there ever won't be one employee on his last day with less ethics than you.


I completely sympathise, however your argument is based on a horse that has already bolted. Un-audited binary blobs already exist and run on your computer. Now off course, there is still an argument that you may not want even more un-audited binary blobs running, but security is about the lowest common denominator. We have passed that point already. Resistance is futile!


The management engine is one of the hardest binary blobs to remove though. Other ones like wireless and graphics firmware can be avoided by picking the right hardware, but the CPU doesn't have as many competitive options.


At least the blob inside my wireless controller has no access to the data that the blob in the ethernet port sends to the NSA...

That little Quark core has access to pretty much everything.

BTW, I'd love to use it to collect very low level performance data on the main CPU.


This is why the GPL is so great IMO. It would force Intel to either release the source code or use something else.


It would also force Intel to give us a means to replace ME with something else which ultimately puts the user in control.


Only the GPLv3 would force Intel to do that. With v2 they can go the TiVo route and make the source available without giving out the means to make the hardware run your own binaries.


Which means they could’ve used Linux if they wanted to


Why can't Linux use gpl v2 or later? Because Linus doesn't want to?


Linux is version 2. Linus is adamant about not using version 3. IIRC, some contributions are v2 or later, but as long as a majority of the code is v2 only, the whole package is v2.


"IIRC, some contributions are v2 or later, but as long as a majority of the code is v2 only, the whole package is v2."

If even one component is v2 rather than "v2 or later", then (I'd assume) the whole project is v2-only, majority or no. It's also not clear if it's permissible to make contributions under "v2 or later" licensing terms, since those contributions are derivative works of Linux itself (which is v2-only).

This will almost certainly always be the case, since changing Linux's license to "GPLv2 or later" (let alone GPLv3) would require unanimous consent from every contributor (and seeing as how - IIRC - one or more said contributors are dead, that consent is thus impossible to achieve unanimously).


The only sensible way to do it is to locate all parts still licensed under GPLv2 and ask every copyright owner alive (or their estates) to relicense their contributions under GPLv2+ or rewrite them from scratch licensing them under GPLv2+.

And convincing Linus the rewritten versions are objectively better than the old ones.


Nope, because they wouldn't use it then. I am not sure why people think the GPL had so much leverage over larger companies that will just build something in house.


But large companies use quite a bit of GPL software. I'm checked my phone, my PVR, my car media system and proprietary GPS I have and all of them have an open source license document that includes some GPL code.

For a hardware company, the GPL just isn't that much of a competitive disadvantage, since most of the software is written to work with their hardware.


Please convince Nvidia of that. Their closed source drivers are a major hindrance in the Linux community. They keep them closed because they feel the driver source would reveal additional details about their hardware, giving up some of their advantage over competitors.


I'm not sure why they used Minix at all. Surely Intel has enough expertise to build a custom OS that does exactly what they need and nothing else? That would have been easier to control for them, and it would have prevented this Minix-related news, which adds only more attention to something they'd have preferred to keep quiet.


Good. At least it will cost them to develop in-house. Raising the expense of doing user-hostile things is one way to dissuade companies from doing them.


Which is exactly what Intel did, since Intel didn't use e.g. Linux. If there were no BSD based OS to use, my bet is that Intel would have continued to use a closed source OS.


Even if they used Linux, they could just go the TiVo route and not release the signing keys


> or use something else

Which they did and if there was no alternative, they would develop 100% of it in secret. I think this is the opposite of great.


Absolutely. This is my first thought, too. What a ridiculous idea, that we have somehow achieved maximal freedom by giving Intel the legal means to hide from me what I'm being forced to run against my will.


You are not the user in case, Intel is.


Intel is not the user. They are a vendor, a publisher.

By calling them "users" and saying "users have freedom" you are conflating things needlessly.

We are the users here. We severely lack freedom. (Thanks BSD!)


Using copyright laws to force a person to release the fruits of their labor is not a definition of freedom that is widely agreed upon.


You are confusing things here. It is not about releasing fruits of labor. Intel is screwing us over and it is about stopping them.


Its not as black and white. At my company, the company owns the machines, and we have been looking at using Intel's AMT internally. I don't think Intel is screwing us.


That is cool. Good for you. I don't want to steal anything from Intel. I just want a way to opt out of ME and its siblings.

You seem like a troll or a bittered person.


Depends on who the user is. In a company, the company owns the computers, not the users. I'm willing to bet that ME was designed for legitimate corporate deployment scenarios.


You're perfectly free to not use Intel processors, and this 'GPL vs the world' argument is orthogonal to the BSD license.


[flagged]


This is like saying North America and Europe don't have freedom because you're not free to kill/abuse/take advantage of the others however you like. Freedom doesn't work like that.

The GPL restrictions are for keeping the freedom equal for all parties involved.


And it works great. I know very few software companies that will go anywhere near the thing. Good job GPL /s


Have you considered that developers may have motivations other than attracting as many companies as possible to make millions off of their free labor?


Yeah, but it inconveniences me


The freedom to deny freedom to others is not freedom. Society at large, particularly in the US, is having trouble with this notion.


> one of the most restrictive

restrictive for the developers. GPL freedom is for the users before anything.


I can't tell if this is earnest or 2nd degree. Can people more familiar with Mr Tanenbaum's style enlighten me?

Because if this is earnest I'm quite seriously baffled. I don't mind BSD at all and I won't comment on the political side of things but why on earth would you rejoice that you worked for free (I assume?) for Intel only to have your work end up in some user-hostile module forced on the users? Is Tanenbaum egotistical enough that merely having his work be "the most widely used computer operating system in the world" justifies everything? And then he uses that to argue that BSD is superior to GPL because this way big companies can use the code without giving anything back? Great success.


It seems entirely earnest.

I think the Hacker News crowd is just a little baffled because there are some conflicting emotions on display from Dr. T here. Conflicting emotions are a very human thing to have, and are guaranteed to confuse the engineer crowd.

1. He's glad Minix is useful to others

2. He's slightly hurt that Intel repeatedly asked him for help (which he provided) but never bothered to thank him or even let him know the purpose of their inquiries. ("That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.")

3. He admits that his choice of license permits this behavior, so he (slightly grudgingly) accepts their choice ("If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users")


#2. Exactly, seems to me an academic kind of thing, he helped them a lot, a little attribution would not have hurt, and the lawyers could have easily been told to pipe down.

#3. It does offer the maximum freedom to some potential users, but no responsibilities to extend those freedoms to others. In my opinion this is why the GPL truly extends the maximum amount of freedom to everyone, users, lusers, abusers, and just plain old hackers.


> #2. Exactly, seems to me an academic kind of thing, he helped them a lot, a little attribution would not have hurt, and the lawyers could have easily been told to pipe down.

The BSD license used by MINIX 3 requires attribution:

> http://wiki.minix3.org/doku.php?id=faq&s[]=license#what_is_t...

"The MINIX 3 license is a clone of the Berkeley (BSD) license. In plain English, it says you can do whatever you like with the system provided that (1) you agree not to sue us under any conditions, and (2) you keep the credit lines in the source, documentation, and publicity unless other arrangements have been made. Specifically, you are free to modify the source code, redistribute it, incorporate it into commercial products with only the above restrictions."


I believe Intel did give attribution, but to MINIX itself. It really is just an ask for a 'hey, thanks' that was deserved.


Hackers have problems understanding this kind of "vanity issues" (I also openly admit that I have difficulties).

I am not aware that Intel gave any credit that is visible to the end-users of their processors (otherwise I would surely have seen it, since my laptop has a Skylake processor - so it uses MINIX 3). I am also not aware that my laptop included a leaflet that mentioned MINIX 3 somewhere.

So my assumption rather is that Intel's lawyers reached an agreement with the license holders of MINIX 3 that they don't have to give credit (which is perfectly fine - even the quote in my parent post mentions this possibility). But if they did such an agreement they said that it is perfectly fine to them (in particular for Andrew S. Tanenbaum) that Intel does not credit them publicly. I thus consider it as rather unfair to complain when such an agreement exists, because one typically does not demand such an agreement if one plans to credit them nevertheless.

So I rather believe what happened is this: Intel came to the MINIX 3 developers to get them to sign such an agreement, which allows Intel not to give attribution. Andrew S. Tanenbaum signed it, because it sounded too good to be true and gave MINIX 3 some very renowned key customer. But he did not consider that this might put MINIX 3 into very common use without any users being aware of it. So he "suddenly" realized the loophole of this agreement and now considers himself treated unfairly.


I think he would of appreciated some type of compensation from Intel given its massive usage by a massive company. Not even a small thank you donation. It is sort of shitty on Intel's part to not compensate him at all and also they got a large number of questions/support from him.

They should throw a donation of $1M his way. Even at that rate, it is a massive steal.


Yes, that's how I interpreted the joke about the license's failure to mention the appreciation of payment. Chump change to Intel is a big deal to an individual.


Not sure about earnest but I'd be very surprised if it wasn't sincere.

As to Prof Tanenbaum's style, if I'm feeling a teeny bit uncharitable, I'd say this is perfectly in keeping.

Since the infamous exchange between Linus and him where he came off as being a bit condescending, a lot of his writing on that subject has given the strong impression that he grudgingly accepts that Linux "won" but that it's somewhat of a travesty. And that winning means that it's the OS of choice in billions of devices.

What I read from this statement is that he now feels like it's not so clear cut and he's somewhat vindicated. He's just a bit miffed that no-one told him earlier.

> Is Tanenbaum egotistical enough

I don't think this is ego so much as professional pride. Linux is the architectural antithesis of Minix and that definite rankles. But more positively, he and his students worked hard (and took quite a lot of money) to make Minix 3. He wants it to be used.

I have no idea whether or not he's privately concerned about the way this has been used. But it wouldn't surprise me that he's hopeful that it will raise the profile of Minix and get folk to consider it more seriously.


> And that winning means that it's the OS of choice in billions of devices.

You already hint at this, but I would expect that it is more about what that quantity represents (obviously you cannot really untangle these things).

For example, it speaks for itself that number of users has a direct influence on to the number of developers and computer scientists working on the system and improving it. Or from Tanenbaum's point of view, fix issues that shouldn't have been there in the first place.


He was my prof. This is clearly his style, he is being earnest. Also, this has been the address of his web site ever since the web started. Also see his later added note: Many people don't like the idea of the management engine in there at all, but that is a separate issue from the code it runs.


(Edit: removed silly comment about a personal interaction. The letter has also had addendums making the intent more clear. I will add "shut up on the internet" to the list of things I've learnt from the author)

I read this as, for want of a better word, snarky.

I'd bet if it wasn't Minix, L4 would have been on the cards. That's another microkernel that runs in coprocessors like your phone's radios that probably nobody will ever mention out loud.


Having been on both sides of the equation: imagine if a complete stranger acts like they are your friend, even though you've never met them, and offers nothing in the way of reciprocal ice breaking. Now repeat this dozens of times and bias it towards the socially inept and spergy.

The only thing that works from the celeb side is to power through and intently turn the conversation back onto the fan. But that requires genuine interest that you may not have the energy for, and it may not be what _they_ are there for either. There is a reason comic con actors charge for autographs: it's a very light weight form of prostitution.

Fans are genuinely annoying. They break every social rule, and come with a one way sense of familiarity only possible through modern technology, which our primate brain is poorly equipped for.


Don't have heroes. Don't put people on a pedestal. People have flaws, quirks, and failures. Admire good people for the good that they do, despite their flaws.


Having met Niklaus Wirth and Richard Stallman, I know where you are coming from.

Still I do see as important to actually get to know the people behind the words.


Snarky? Yeah, in a way. Honestly he just seems a little hurt that they didn't extend the courtesy of letting him know what they were going. But at the end he admits that he's the one who picked that license.


> But at the end he admits that he's the one who picked that license.

He's talking about publishing code. The BSD license explicitly requires including the license somewhere (anywhere, really).


It's a bit of both I think. Tanenbaum absolutely has a sense of humour, but it's a fairly dry wit. In this particular case, I'm certain he would have honestly prefered to have been informed. It's nice to know when people use something you're giving away on such a large scale. There's certainly some professional pride in that.

At the same time, I'm sure he's totally aware that Intel wouldn't have told him anyway, because they meant to keep this secret, and AST is rubbing it in that their secrecy is not only deceptive to their customers, but also making them impolite to the creator of the OS they use. Presenting that impoliteness as the bigger problem is probably a joke.

He does make it clear at the bottom that he's not at all happy with how Minix has been used here. He's also aware that it's not illegal, but that doesn't mean it's not impolite. Towards him, certainly, but of course also to the end user.

He's probably serious about about the Berkeley license being superior, even if it means people use his work for things he doesn't approve of. His comment about Minix being the biggest OS in the world is a bit of ironic vindication, I think. I don't think it's actually true, considering how much Linux runs on ARM chips, and indeed many PCs use AMD chips, but it's a good joke, and nobody is going to take that opportunity away from him.

He's definitely serious about microkernels being superior. I don't doubt he wants to see that as the real reason why Intel chose Minix.

I have no idea how accurate my assessment is, though. It's been about 20 years since I followed his lectures, and never had any kind of personal talk with him.


This is earnest in that he would have liked someone from Intel to tell them.

It is completely earnest in the sense that he is not expecting any money from it. Likewise he has never expected anything from Linus Torvald when MINIX was used as the primary source of inspiration for the Linux kernel when he started out with it. Although they did have some pretty serious discussions about it, but nothing more than that.


> Is Tanenbaum egotistical enough that merely having his work be "the most widely used computer operating system in the world" justifies everything?

He wrote an open letter just to tell everyone his OS is the most widely used in the world - even though he didn't need to, because 20 news outlets already did that job for him - and that he wants recognition. Of course it's ego. But he may not need to 'justify' it because he may not give a crap either way.


andrew tanenbaum wrote the operating systems design and implementation book (amongst others) which is widely used in computer science programs around the world, i don't think he gains anything by not being earnest.


If you have worked years on something, you rather want people to use it then for all work to be in vain. Even if that means giving up all rights.


It depends I think on a few things; one, finance. I think he's making plenty of money with his books and his career at the university, so I don't think that's a problem for him. Two, morals. If Minix was used in e.g. ballistic missiles (which it might just be) I'm sure he'd have objections - even if there's nothing he could legally do about it due to the license, as acknowledged in this letter too.


Of course it's earnest. If it wasn't he wouldn't have picked the BSD license, which rejects the notion that you're poorer today than yesterday just because someone started using some software you wrote.


The notion of the GPL is that end users are poorer if they don't have source available and can't fix bugs in the code they're using. Intel ME, meaning people are running systems with exploitable vulnerabilities that they can't fix, is one of the clearest arguments in favour of it.


One can also fix bugs without source code available (it is just harder). The Intel ME's problem rather is that one perhaps can fix bugs, but not upload the bug fixes back to the chip because of the required signature.


Both those things are problems (it's possible to work around the signature issue, but it makes it a lot harder, just as with not having source code). And both are addressed by the GPLv3.


It's not my point and that's the type of discussion I explicitly tried to avoid.

BSD is my go-to license for my own code so I have no prejudice against it. That being said if some company contacted me about some of my code, asked me to do some modifications for free then used it to power a module that many people consider user-hostile and probable backdoor while not giving anything back, be it code, money or credit I don't think I'd write a blog post saying how happy I am that my code is so successful and how it proves that BSD is so much better than GPL.

It's one thing to say "the code is BSD, there's nothing wrong about what they did", it's an other thing to say "thank you Mr Intel for using my code without giving anything back, I just wish you had told me earlier so that I could have thanked you before!" which is frankly what this open letter sounds like to me.


The GPL license does not support that notion either.


> which rejects the notion that you're poorer today than yesterday just because someone started using some software you wrote.

are you arguing that we aren't all poorer with an unmodifiable black box running in our CPUs ?


Arguably, the box could be even blacker were a large company to feel like they had no implementation to turn to and forced to develop everything internally.


It’s not about money. Intel has improved the software, by making it more modular, but kept that improvement for themselves. That’s the problem with BSD IMHO.


That's not a problem. You are not entitled to the work of others. And the original bsdl code is just as available to you as it was to them for you to improve upon in a similar way.


> You are not entitled to the work of others

I think you missed the point, or I didn't convey it correctly.

I am not talking from the point of view of a third party, but rather that of the author of the original software.

If somebody uses my software and improves it, then it’s only fair that I get to see the changes.

That’s why AGPL 3 is the license of choice for my code.


It is hard to tell, but I think he might be being ironic.


> when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free

Some piece of code that also cost time (and possibly someone's else money) to develop, and that they got for free?


It should be noted that Minix is code that was developed by university researchers. Researchers who are payed for by (primarily) European and Dutch tax euros.

Also note that many of that time, energy and money to modify GPL code is not just programming time, but also a lot of legal advice time. With BSD-like license it should be immediately clear what you can do with the code (i.e. almost everything).


This is probably gonna be a controversial view but my experience is this as well: Deploying GPL code is a legal process. Deploying BSD is a development process.

We spent thousands of dollars on legal advice when deploying GPL. In the end it was largely as we expected it to be: No significant action was needed beyond releasing the code to the components that we already got for free, with the minor modifications we had made. But we had to be sure before we committed to using GPL code.

Today, we have a blanket "yes you can" policy for BSD code while GPL is still on a case by case basis.


I agree that many companies have that attitude towards BSD versus GPL, but is there actually a rational basis for it? Given that you've apparently already gone through the legal process and found out that the GPL means what you think it means, why are you holding it to a higher standard than BSD?


If one of your employees accidentally copies even a single bit of GPL-licensed code into your privately licensed code or statically links against such code even once, and it gets ‘outside’ in any way, you legally have to release that version of your code under the GPL. Worse, the source code of all versions from _before_ that checkin automatically become GPL-licensed (because they contain code that, transitively, becomes GPL because it later was linked with GPL-licensed software)

Yes, that may not hold up in court if it is a tiny non-essential fragment or, if you revert to old code soon, etc. but that’s not the point; if you end up in court, you already lost.

With BSD-licensed code, that risk is way smaller. The worst you have to do is add a few (or quite a few thousand. Go check Setting/General/About/Legal for an example) attribution lines to the versions of your code that use the BSD-licensed code.

(Also, even if you choose to license your code under the GPL, you have to track licensing, as it isn’t legally possible to combine GPL2 and GPLv3 or APGL and GPLv3 licenses or any GPL with ApAchexlicensed code in a single binary. See https://www.gnu.org/licenses/license-list.en.html. If you want to troll GPL aficionados, license your code under GPLv1)


Thats incorrect on many points:

1: A single-bit is not copyrightable. True and false is not copyrightable. No one in history have ever been sued for a single bit. No one has ended up in court for a one-bit GPL code.

2: If it get "outside" accidentally, there is a direct remedy that do not include releasing anything. You stop redistributing the program. Practically all GPL related lawsuits started with the words "please stop infringing my work", and when that did't work, "Judge, please stop them from infringing my work". The only companies that have ever been "forced" to do anything is when the option is between a full stop in production and sale, or releasing source code. One such company chose to not cut revenue, not stop production, and instead gave us the code which the OpenWrt project was created on. I wouldn't call that "forced".

3: Code do not transform from being non-GPL to GPL. That is not how copyright work. Code is only under GPL if you explicitly release a piece of code under GPL. If you put MIT code and gpl code together, the MIT will still be MIT. The combined work must explicitly be under GPL to be compliant, but you can still use the MIT code in isolation under MIT. The MIT code do not transform into different licenses just because you combine it with other code. Only explicit action counts, and the worst thing that can happen from code getting ‘outside’ in untended ways is copyright infringement where you legally have to stop distributing code.


> If one of your employees accidentally copies even a single bit of GPL-licensed code into your privately licensed code or statically links against such code even once, and it gets ‘outside’ in any way, you legally have to release that version of your code under the GPL.

> With BSD-licensed code, that risk is way smaller. The worst you have to do is add a few (or quite a few thousand. Go check Setting/General/About/Legal for an example) attribution lines to the versions of your code that use the BSD-licensed code.

Accidentally copying GPL-licensed code into non-GPL-licensed code puts you in exactly the same legal position as accidentally copying BSD-licensed code without attribution: you are now, technically, violating copyright, and in theory liable for statutory damages of $150,000. You're never forced to release your code under GPL; the GPL copyright holder might insist that you either release your code under GPL or pay the $150,000, but equally the BSD copyright holder might insist that you pay the $150,000 - they're within their rights to do that.

In practice the author will most likely be willing to work with you to sort it out in either case.

> Worse, the source code of all versions from _before_ that checkin automatically become GPL-licensed (because they contain code that, transitively, becomes GPL because it later was linked with GPL-licensed software)

This is simply false.


Where do you get the $150,000 figure from?

I would disagree that the situation is the same. The way to remedy the BSD situation is simple attribution. The way to remedy the GPL situation is release of the entire source code.

>> Worse, the source code of all versions from _before_ that checkin automatically become GPL-licensed (because they contain code that, transitively, becomes GPL because it later was linked with GPL-licensed software) >This is simply false.

Is it? If you are forced to release all your source under GPL any new release of that software will contain software released under GPL, even if the GPL specific changes are rolled back.

My interpretation is this: If you have two functions, A() and B() where A() is released under GPL. If you then release software where B() is defined as :

B(): ... A()

You now have a product which is a work derived from GPL code so you must release the source code for B(). Now you release B() under GPL. So you go back to the commit right before including A() and make a new branch with a new commit:

B(): ... C()

BUT! B() is now source code released under GPL so any changes to it must also be released under GPL.

How have I misunderstood?


> Where do you get the $150,000 figure from?

Years of conversation about this kind of stuff, I don't remember specifically. Looking it up wikipedia says $150,000 is the upper limit for wilful infringement, accidental infringement is lower, but that doesn't affect the argument.

> The way to remedy the BSD situation is simple attribution. The way to remedy the GPL situation is release of the entire source code.

The damages are statutory plus actual damages (almost certainly $0 for someone who doesn't make money off their software directly), not "what you would have done". You have the same options in either case: reach agreement with the person whose copyright you infringed, or go to court and pay the damages. So your worst-case liability is the same either way.

> BUT! B() is now source code released under GPL so any changes to it must also be released under GPL.

As you acknowledged in your reply, you still hold all the copyrights on B and can still release B under any terms you please.


(Aside: it doesn’t matter whether B calls A; linking with it is sufficient. In your example, B’s source became GPL licensed because it was linked with a publicly released A)

My logic was incorrect. I assumed that the exact same source code for now GPL licensed B from earlier revision revisions would have to be GPL licensed, too (and because of it, anything linked with that, linked with code linked with that, etc.).

However, licensing (unlike copyright) doesn’t work that way. Copyright owners can even release the exact same set of source code 7nder multiple licenses.

My conclusion still stands, though. Companies are right to worry about using GPL-licensed software.


Or you can stop using it, and talk to the copyright holder of the GPL'd code and ask what they want.

Or if it's GPL v3 you have additional rights, fix it in 60 days etc.

http://www.softwarefreedom.org/resources/2008/compliance-gui... section 5.2


The process was figuring out that we in no way mix any GPL code with our own code. As long as we don't do that it's fine but we still have to make sure every time we touch anything GPL'ed.

My personal opinion is that it's because the term 'a work' which is used liberally in GPL is a legal term and can potentially be interpreted quite broadly. This means that we have to ensure - every time - that what we do does not constitute 'a work' which derives from GPL code - in the legal sense - if we do not want to distribute the source code that we create.

With BSD we don't have to go through that process because it will not result in us losing control over our own software. We just need to stick a disclaimer in a license file and we're done.


GPL usage depends on how you're using it. If you have two pieces of software, an internal only (e.g. a dashboard/deployment tool), and an external product, using GPL'ed code has different ramifications for both deployments.


I'm so tired of hearing this. The GPL is only a legal problem if you are trying to skirt the rules and distribute proprietary software but use GPL components. I've never needed to legal advice to deal with GPL code.


> The GPL is only a legal problem if you are trying to skirt the rules and distribute proprietary software but use GPL components.

Well, a random developer can't simply assert it - you need lawyers to make sure you really are conforming to the GPL. With BSD, you don't. This is simply the ground reality.


That is not true. If a company does not follow the GPL and is called out, they can simply do what the GPL tells them to do and the case is done.


>That is not true.

What are you basing this on? Personal experience? Speculation? Other?

>If a company does not follow the GPL and is called out, they can simply do what the GPL tells them to do and the case is done.

Ask Cisco if the lawsuit from the FSF was fictional.

I was involved with the GPL license a few years back when I was consulting on an embedded hardware device product. We wrote to the developer and requested them to re-license the software in exchange for a payment. They refused and we decided to use a differently licensed product in the end, based on legal advice.


>>> you need lawyers to make sure you really are conforming to the GPL.

>> That is not true.

> What are you basing this on? Personal experience? Speculation? Other?

The FSF and SFLC use litigation as a _last resort_, when the offender does not cooperate to alleviate the breach of the GPL [See below]. The Linux community is also largely against litigation [https://lwn.net/Articles/698452/].

>> If a company does not follow the GPL and is called out, they can simply do what the GPL tells them to do and the case is done.

> Ask Cisco if the lawsuit from the FSF was fictional.

The FSF tried before to work with Cisco to comply with the GPL:

“In the fifteen years we’ve spent enforcing our licenses, we’ve never gone to court before. While litigation is a last resort, we’re prepared to take the legal action necessary to defend users’ freedoms. With SFLC’s help, the FSF is able to take effective action,” said Peter Brown, executive director of FSF.

from http://www.softwarefreedom.org/news/2008/dec/11/cisco-lawsui...

> I was involved with the GPL license a few years back when I was consulting on an embedded hardware device product. We wrote to the developer and requested them to re-license the software in exchange for a payment. They refused and we decided to use a differently licensed product in the end, based on legal advice.

I don't know your situation so I can't comment on it. Maybe your business model depended on your users not having control about the software they use. Because in that case the GPL is a problem.


So you wanted to write proprietary software on top of someone's GPL code, the developer couldn't be swayed by money, so now you are bitter about it? Talk about entitlement.


>So you wanted to write proprietary software on top of someone's GPL code,

Incorrect.

> the developer couldn't be swayed by money,

Incorrect. We made the request on the basis of legal advice to avoid licensing trouble. These are real things that happened on a real project. The idea that lawyers are never involved when using GPL'd code is a fantasy.

In any case, the reason the developer refused is because there were multiple contributors on the project, and it would have created a headache for them.

>so now you are bitter about it?

Incorrect.

>Talk about entitlement.

So rude. Wow..


> Deploying GPL code is a legal process.

Deploying GPL code is only a legal process if you make it one.

If you're using it to write or deploy other GPL software, it's pretty much a straight forward affair. And if you're not using a GPL license, well, that's your problem: there's nothing stopping you from using the GPL to make all the hassle go away.


That's true. Releasing other open source software using GPL software is much simpler. But if it's desirable to deploy closed source software GPL may not be the right choice unless you have time to sit down and consider the legal ramifications. In many cases there may be none if you use it in the right way but it should be and is being considered when companies decide consider whether or not to use open source software.

That part is often significantly simpler with BSD which is why it's significantly easier to just allow BSD and have a case-by-case basis for GPL.


> desirable to deploy closed source software

Well, that's a peculiar desire. If a programmer wants to state "I do not want my code to be used in closed-source proprietary software" there's little more they can do than release under the GPL.

There might be some good faith legal consultancy in seeing how, for example, the CDDL and the GPL interact, but for using GPL code in closed source products, the only excuse really is "What can I get away with?"


I have a suspicion that you need new lawyers. Having two different processes for two very common licenses seems a little off. The two cases aren't that different, legally.

The GPL does require some extra work, but it's on the technical side, to make sure you're shipping all the source that you need to ship.


Just a single outside lawyer we consulted with :) We already had processes in place for dealing with BSD.

The reason for consulting with a lawyer was to ensure that we didn't do anything wrong which would later require us to open up source code that we didn't want to open up.


[flagged]


The GPL may be very clear, but its interaction with the laws that are in force in your area may not be.

As a (very) extreme example: I could write a license that says: if you use this code, you are now my slave. This license would not be valid in most jurisdictions; in fact, it might get me in jail. So, what you read in a license may or may not be true or enforceable.


> The GPL is very clear; anyone with even a semi-decent high school education can read and understand it.

The amount of discussion on HN about the GPL, and whether a project is or isn't complying with it, makes me think it's not so easy.


> The amount of discussion on HN about the GPL, and whether a project is or isn't complying with it, makes me think it's not so easy.

I think it's not that the GPL is unclear; it's that people want to violate its provisions while not being held liable for their violations. 'We want three parallel red lines, one green and one black, all intersecting.'


Writing new code also take time and money, which is why LGPL (including LGPLv3) is heavy in used in industries which have a lot of compeition and no time or money to waste.

To take a example, I often see LGPLv3 in big AAA games. I also see licenses that say "we asked the developer in a email and received special permission". Game studies seems to happy spend legal advice time if it saves them developer time, and from where I stand it seems to be a clear competitive advantage to do so. The only licenses they don't use is those that conflict with their core business model.


The main reason to mention GPL specifically is as a side-attack to Linux. This feud has been going on for a looong time.

Finally MINIX is more popular that Linux! Never mind that it's being used as a backdoor.


As a backdoor that cannot be closed by the ordinary user.


This struck me as bizarre as well.

You're thanking someone because you relicensed your hard work so they can use it for free (BSD) and you complied?

All for the stated reason that they don't have to relicense their work to other people so they could use it for free?

/facepalm

It's like some version of the Stockholm syndrome, deserves a name.


You seem to be having a problem understanding why people would be motivated to release genuinely free software. Open source can mean complete freedom, including the freedom to take the software, modify it, gain a competitive advantage and generate economic value, according to the license choice of the original author.


Nobody is denying the freedom for commercial use is a core part of open source software. However no developer has to make a certain business model easy for you, and I think it is well within the correct view to discourage such a business practice which restricts the freedom of users by making that impossible but allowing a "competitor" (if we really must think of it this way) to generate "economic value" (i.e selling open source software, which the GPL does allow you to do).

The freedom debate is unending. Personally I am very skeptical of all forms of economic freedom, as frequently they have the result of pidgeonholing people and their freedom is restricted.


Never mind that RMS' intent with GPL is to preserve the initial freedom into the distant future. If you get access to the source, so should everyone that comes after you.

And he formulated this after he had some hard earned experiences with suppliers at MIT.


> If you get access to the source, so should everyone that comes after you.

Why should they? That is up to the software author.


Is this the programmers’ version of “I got mine”?


Indeed, because nothing is ever free. The cost is simply paid by someone else.

Listen, I understand why that ideology is appealing, particularly if you haven't seen it play out before. How many "successful" open source projects have you seen whinge and struggle and eventually be abandoned and collapse, due to their lack of sustainability? All the while scrambling to offer the most permissive license possible? Even projects that shoulder entire ecosystems!

It's better when the costs and assumptions are above board: better for the project, better for the users.

I'm not familiar with the MINIX project, they've clearly found a way to stay sustainable if they've been around for 17 years. Just that paragraph quoted by OP struck me as very odd as well.

Just pay your dues rather than see your favourite project die. Businesses understand this. "From each according to his ability, to each according to his needs" offers some initial thrill but is not long-term sustainable.


> You seem to be having a problem understanding why people would be motivated to release genuinely free software.

Yes, I do have a problem understanding why people work for free.

I don't see cops working for free, or bankers, or chip designers, or the guy who served my dinner working for free. Even Andrew doesn't work for free.

I can understand licensing software that was built or purchased using [socialist] tax dollars under the GPL for moral reasons, but I don't understand why I have to pay Andrew to help Intel maintain their competitive (size) advantage.


Free or open source software doesn't imply working for free. A copy of your software doesn't (necessarily) entail additional work.

I guess whether people in general "work for free" depends on how you define "work" and "free". I work on many different things purely for their utility to my friends and me personally, or just for the fun of creating something. I work and I gain something from it, so the time spent on it is paid for. Call it hobbies or normal social courtesy, it's still work by any reasonable definition. It's also not free; I expect it to benefit me in some way, whether it's by having a great time doing it or the satisfaction of seeing someone else enjoy the product or helping my friends have a good time.


> I guess whether people in general "work for free" depends on how you define "work" and "free".

Then allow me to be clear:

If you want to do something, and you get some kind of psychic reward for it; like volunteering in a soup kitchen, then that's great. But if you're only doing that because you're afraid of going to hell, then someone has convinced you to work for free.

If you make some software, and someone tells you how great it would be if it did different things, and then gets offended when you send them your day-rate, so you do it anyway, then someone has convinced you to work for free.

If you've got a more useful definition of "working for free" then I'm happy to hear it, and entertain it, but understand this kind of anathematic servitude is what I'm pointing to:

I think these guys who go around trying to convince people that releasing "open source" is somehow "more free" and that "freedom is good" is a little bit like we've always been at war with Eastasia. It doesn't make sense to me: In a twisted sort of way, a slaveowner is more free than a non-slaveowner because they don't have obligations (like to work), but it doesn't make this sort of thing right. Being a slaveowner isn't right even if being free is.

> A copy of your software doesn't (necessarily) entail additional work.

The nth copy of my software cost 1/n of my time. One way to consider this is as n gets large, the cost goes to zero, but another way to consider it is as n gets large, the value of my time goes to infinity.

I'm in the latter category, and perhaps this is confusing becauseI contribute to, and release a fair amount of Free Software. However if the only thing that can approach being worth my time is your time, then you'll see why I can't consider any "open source" license for my own software: I don't work for free.


Clarity would be ideal.

Rather than cite two confused examples of 'work for free', can you please just define 'work'?

Then, perhaps, 'free'.

The reason a lot of people eschew the phrase 'open source' is because it leads to the kind of confusion manifesting in your last paragraph.


When one contributes to a soup kitchen without getting paid in money, the person still gets a value be it a growing social network, a line in a CV, experience of working and organizing people etc. So it is not a work for free as one does get a value that can be exchanged for other things.

Similarly with open source work. It brings a value in forms of contacts and experience.


What if someone paid you to open source it?


> But if you're only doing that because you're afraid of going to hell, then someone has convinced you to work for free.

Then I'd work for the comfort of not believing that I would go to hell. The basis of that belief may be an act of deceit, though, which I am not sure is relevant for open source software. The licenses are clear, and no one is promising anything magically wonderful or terrible to happen depending on my engagement in it. If they do and I bite, maybe I am dumb.

> If you make some software, and someone tells you how great it would be if it did different things, and then gets offended when you send them your day-rate, so you do it anyway, then someone has convinced you to work for free.

No, they have freed themselves from the responsibility of paying me for the work, clearly making it my problem. I then decide myself whether to do it based on what I gain from it. Maybe they convinced me to do it, but whether I'd do it for free is ultimately a matter of how I personally value the work.

> If you've got a more useful definition of "working for free" then I'm happy to hear it, and entertain it

Making an effort to achieve a result without gaining something from it? The only reason I could see myself working for free in this sense is if someone forces me to do it.

> I think these guys who go around trying to convince people that releasing "open source" is somehow "more free" and that "freedom is good" is a little bit like we've always been at war with Eastasia. It doesn't make sense to me: In a twisted sort of way, a slaveowner is more free than a non-slaveowner because they don't have obligations (like to work), but it doesn't make this sort of thing right. Being a slaveowner isn't right even if being free is.

"Open source" is not "more free" in any general sense. It just means that the source is available for free use and distribution. It doesn't necessarily make you more free, nor does it make anyone that is subject to whatever malicious purpose the software might serve more free. It frees the user of the software from a tiny set of specific obligations normally associated with licensing a copyright protected work. Those other things may be important but not at all what the BSD license concerns. Let the Intel-MINIX debacle be a lesson in the total orthogonality of freedom in general and free use of a piece of software.

> The nth copy of my software cost 1/n of my time.

No, it comes at no cost to you if you. Developing the software costs you time. That you reimburse yourself for the time it takes you to develop the software by charging for copies of it is an arbitrary choice, not an inherent relationship between the time spent and the number of copies made. If you were chopping wood, it might be a different matter, but with software, the time is spent on producing it, and selling a copy of piece of software doesn't mean you can't sell it again. The money you receive for a copy of a piece of software is rent.

Tanenbaum makes a great example of this. He is being paid for his work, yet the software is open source. He is not being paid for copies. Another good example is that of a simple employee. I get paid a monthly salary for performing a day job. Like Tanenbaum, I might get much less value out of it than the users of the software (or whoever is selling it) do, but I certainly don't work for free. I get paid for my effort and time, not for copies.


> "Open source" is not "more free" in any general sense

And yet, this is the point that Mr. Tenenbaum has tried to make in TFA:

"this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users"

So let's make a point of disagreeing with him, at least.


I don't see how that constitutes a disagreement. The user in this case is Intel. The license gave them the freedom to make whatever proprietary changes they may have made to the software and stick it into their CPUs. That's of course not freedom in any general sense, but it's freedom for Intel to do whatever they wanted with it. Does that make my point more clear?


Intel is software vendor. Or a "developer". They also use it, of course, but there are a number of magnitude more other users than Intel. Such as you and me, probably.

But anyway, that BSD is more permissive than GPL is a very obvious point. Why would Mr. Tenenbaum need to write about that? Why would he need some news to "reaffirm" it?


The user, in the only way that is significant to the license, is someone exercising the rights granted to them by it, i.e. whomever entered a license agreement with the copyright owner to put it on their black box. I never did. You can at best call me a user in the sense that I may be using nginx or apache when I access a website. That is not what the license concerns.

That's strictly speaking, but what does being a user entail, by a commonly understood definition? I certainly can't operate the MINIX derivative running on a different CPU than the software I actually do use. I never made a conscious effort to start or stop it, in fact I didn't know about it until the other day. It is unclear what it does, but it's clear to me that I am not personally using it. Maybe its use benefits me somehow, in the same way a break pedal might benefit me while I'm riding the bus. Maybe it's used for surveillance.

> But anyway, that BSD is more permissive than GPL is a very obvious point. Why would Mr. Tenenbaum need to write about that? Why would he need some news to "reaffirm" it?

Not too keen on sitting here guessing what purpose Tanenbaum's letter had, but maybe to provoke a discussion? Maybe he's sincerely proud that his software is now so widely deployed? It seems beside the points I am making.


> The user, in the only way that is significant to the license

But for the GPL, the notion of a user almost always includes you and me. Or at least it would, it this particular case.

So how can one compare the licenses on the amount of "freedom" conveyed to "potential users" if they don't want to use the same meaning of the word "user" as the GPL does? And does purposefully, with the end goal of serving said users.

> You can at best call me a user in the sense that I may be using nginx or apache when I access a website.

Not sure about "at best", but I can. And there are licenses (such as AGPL) that limit what one can do with software accessed over a network as well.

> I certainly can't operate the MINIX derivative running on a different CPU than the software I actually do use. I never made a conscious effort to start or stop it, in fact I didn't know about it until the other day.

You never "start or stop" an operating system, you just push a button. You don't interact with it directly either: you communicate with hardware devices and user-facing software.

Most users don't even know what operating system they are running, they just spend their day in their web browser. And they don't know the difference between the two.

And yet, that doesn't matter to the GPL.

> Maybe he's sincerely proud that his software is now so widely deployed?

Sure, but that was a separate statement. And then: "... this bit of news reaffirms my view...".

> It seems beside the points I am making.

I am discussing the Open Letter, and not your opinion in a vacuum.


> But for the GPL, the notion of a user almost always includes you and me. Or at least it would, it this particular case.

I agree that free software would have been the better option, but the fact remains that MINIX is BSD licensed, not what the FSF considers "free software" and I am merely describing what user freedom could possibly mean in terms of the BSD license. Maybe you feel like discussing the merits of different licenses, which leads me to believe that you are confusing this with me somehow sharing an opinion on which is better.

The BSD license doesn't really express the notion of a user. You and I are free to distribute, modify and use the software under the same terms that Intel does. Compared to GPL, there's no fundamentally conflicting idea of what a user is. The difference is in what obligations the licensee has.

> So how can one compare the licenses on the amount of "freedom" conveyed to "potential users" if they don't want to use the same meaning of the word "user" as the GPL does? And does purposefully, with the end goal of serving said users.

Tanenbaum considers Intel to be a user of his software and that they benefit from the freedom granted to them by the license. If you want better information than my take on what exactly he means you should ask him, not me.

Also, you – a potential user – are free to do whatever you want with MINIX.

> Not sure about "at best", but I can. And there are licenses (such as AGPL) that limit what one can do with software accessed over a network as well.

OK, so we agree that you can. For all I care there can be licenses that limit at what times a week I can pick my nose based on the proprietor's notion of what a user is.

> You never "start or stop" an operating system, you just push a button. You don't interact with it directly either: you communicate with hardware devices and user-facing software.

There is a very wide span in which you could place the definition of a "user" if you are willing to reduce the concept to this level of absurdity. Maybe it was a bad idea to bring the subjective notion of a user up at all, since the BSD license is after all very clear on what it permits and under what circumstances.

> I am discussing the Open Letter, and not your opinion in a vacuum.

Explain your point rather than ask me what I think that he means. You can discuss whatever you feel like, of course, but don't expect me to be your soapbox for ranting about how superior GPL is. I don't have the energy to engage in some sort of socratic exchange where you slowly try to pull your point out of me. There is a reasonable interpretation of "free" for which the BSD license may be considered to offer more freedom to users than the GPL. Most importantly, it comes with less obligations. There is also a very reasonable interpretation of "free" for which the tables are reversed. Tanenbaum obviously favors the former.


> Yes, I do have a problem understanding why people work for free.

And yet, despite your inability to understand it, it continues to happen. A lot.

I suspect part of the challenge is your misuse (or just misapplication) of the word 'work'.


How are you paying Andrew? That makes no sense.


Andrew S. Tanenbaum works for a publicly funded (tax dollars) research university.


That would be tax euros, actually.


with whose money do you think researchers are paid ?


taxes


I don't have any problem with that.

I have a problem with Tanenbaum claiming that having Intel ask him to work for free then taking his work to implement a hardware backdoor without giving anything back (not even credit) is somehow a great thing and a proof that BSD is superior to the GPL. And that only because it means that he can say that MINIX is somehow "most widely used operating system in the world on x86 computers", which, I guess, is kind of technically right. Somebody should send him a t-shirt or something.

I license my code with BSD because "I don't care what you do with it", mostly. I won't write a thank you note if some of my code ends up in some closed source product, especially something as shady as Intel's ME. And I definitely wouldn't knowingly do custom work for a company as big as Intel for free.


Intel didn't ask him to work for free, read the letter again.


Without getting into the licence discussion:

> [...]your engineering teams contacted me about some secret internal project and asked a large number of technical questions[...].

> [...]your engineers began asking me to make a number of changes[...]

Those are two cases where Intel asked Tanenbaum to work for free. First as consultant and then implementing custom code modifications.

Yes, not many people will charge for answering questions and maybe he thought that the changes requested by the Intel engineers were appropriate and useful for the project itself, but the fact remains that this work was valuable to Intel and required Tanenbaum to spend time on it.

Edit: Formatting


I think it's debatable whether being contacted for information or asked to make changes to your open source project is "working for free". It's being asked to work on open source software, there's a difference.


> including the freedom to take the software, modify it, gain a competitive advantage and generate economic value

...and create backbox systems with backdoors that no user has the freedom to inspect, change or disable :-)


There's not an absolute in licensing; it depends on what your thoughts and motivations are.

In practise, seeing ME as a competitive advantage is something that's at least questionable.


I don't think there's any implication that MINIX was relicensed specifically for Intel.

I'm surprised how much difficulty some people have in understanding that others might make different licensing choices. If I license software under a BSD/MIT-like license, it's not an accident – it's specifically done so that there are as few restrictions on that software as possible.

Don't get me wrong – the GPL is important and making the choice to license under it is a totally legitimate personal choice with various pros and cons versus a BSD license. But it's not the only rational choice to make, and I wish you'd be a bit more open-minded about that.


He relicensed MINIX for Intel? The letter doesn't say that.


"I have run across this before, when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free. These discussions were why we put MINIX 3 out under the Berkeley license in 2000 (after prying it loose from my publisher)."


So where exactly does this quote say MINIX was relicensed for Intel?

Well, maybe only if you think 17 is "several years":

> several years ago when one of your engineering teams contacted me

> we put MINIX 3 out under the Berkeley license in 2000


Nowhere does it say that discussions with Intel in particular motivated the license change away from the GPL. Only discussions with unnamed corporations as long ago as 2000.


Your point being?

It makes absolutely no difference whether the "you cost, me profit" corporation was Intel, Nvidia, Acme Inc or all above.


My point is that you are drawing odd/bad conclusions from a misreading of the information contained in the letter.

> You're thanking someone because they asked you to relicense your hard work so they can use it for free (BSD) and you complied?

Nowhere in the letter does it imply that the entity being thanked (Intel) is the same entity that motivated the author to change the license.

Intel used open source software according to the license they found it with. The author is pleased his software is powering global infrastructure, and is likely pleased he's contributed to human progress, but is slightly peeved he received no personal thank you as a matter of politeness/etiquette. I'm struggling to understand what criticism you have for this process. No-one has been dicked.


MINIX was first and foremost an educational system -- simple OS so that students can see how every OS component works on a real end to end system during a single semester course. And easily try their own changes.

As such wider acceptance is something to celebrate. It might also be a (partial) vindication that an alternative design you absolutely hate and tried to kill is a huge success and is everywhere from supercomputers to cell phones.


>You're thanking someone because you relicensed your hard work so they can use it for free (BSD) and you complied?

That sounds like an argument against open sharing of source code and ideas.


It's not free, it's Free

http://wiki.c2.com/?FreeAsInBeer


I've once heard that companies don't like GPL is not because they're afraid of being taken advantage of by their competitors, but they have some secret workarounds/fixes for the hardware defects, which would make them trouble if discovered by their customers.


> If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users.

Interesting conclusion, considering one of the "features" of the Intel ME is precisely to limit what the final user can do with their computer.


>> Interesting conclusion, considering one of the "features" of the Intel ME is precisely to limit what the final user can do with their computer.

The BSD license advocates have always considered other developers to be the "users" and even offer the freedom to deny the same freedom to those who run their software. GPL considers all those who run the software to be the users and tries to maximize their freedom. In the case of Intel ME it's not clear who the code is serving, but it's definitely not the person using the computer.


In that case, BSD license advocates are delusional if they think their license does any good in the world. BSD-licensed code is charity for the ultra-rich, plain and simple.

And perhaps they have no interest in doing good in the world. In that case, they can all go to hell.


Yes. And it also allows others (e.g. the three-letter agencies) to spy on the user.

I wonder how Tanenbaum feels about all that.


If Minix's license wouldn't be BSD, they would use some other BSD licensed OS or develop it's own...


Does this argument have a name? "If I didn't do [SOME HORRIBLE THING X], someone else would, so I might as well do it myself?"

When googling, I only found this: https://www.reddit.com/r/askphilosophy/comments/3wclk6/even_...


Bad phrasing. The argument is more like "If [this awesome thing X] wasn't available, people would have to find a maybe-less-than-desirable alternative." The name for it is practicality.


Earlier versions of ME (the one with an ARC core) used ThreadX RTOS --- proprietary, commercially licensed. I guess Intel eliminated a huge chunk of those licensing costs by moving to x86+Minix instead.


Which in a way it is better also for end users. At least we don't have to pay the license for a software that we don't want to run on our computer :-)


They chose Minix, so it seems reasonable to assume that Minix was the best option. If Minix would not have been BSD, they would have had to choose a worse option or spend significant money to build their own OS. Both options would have cut into ME's budget and might have reduced its capabilities.

"If A wouldn't, then B would" is a weird argument imho. It's basically equivalent to saying "If we can't destroy C in one blow, there's no point in attacking them".


> might have reduced its capabilities

And security and many other things. Surely you aren't arguing that an even more closed environment is ideal just because of a minor budget spend for a large company.


I suppose it could be somewhat like a nuclear physicist seeing his work contributing to the development of nuclear weapons.

Although in this case, his opinion of ME seems pretty neutral.


> to limit what the final user can do with their computer

I've never seen a source on the net where anybody claimed that ME limits their work with the computer they own. Any references? ME offers some additional management features at enterprise level, but where does it block things ?


Does it? I think the DRM aspect is managed somewhere else

The backdoor aspect is true, either from three-letter agencies or for corporate locked-down machines


I am saddened that Tannenbaum's only comment about the existence and purpose of the Management Engine is in a postscript, and a very weak one at that:

"Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs."


Well, if Minix was developed on NL and EU taxpayer dime it’s quite disconcerting that it’s now being used to potentially bug the computers of those same taxpayers.

I’m sure nobody would agree to paying for that, so why on earth does this man feel entitled to give away the product of “our” taxes without any restriction


As far as I am concerned I am not paying for my computer to be bugged. MINIX is a research project that is useful and interesting in its own right. That's what the EU is funding. GPS, the internet and the microchip were also publicly funded technologies. I don't think that anyone should object to the funding of these inventions because there are dubious uses of them (all of them sometimes in involuntary surveillance).

Ideally, bugging computers is a legislative issue, and the contract between the vendor of the particular technology employed to do it (in this case not even particularly built for that purpose) and its user is irrelevant.


Considering we have laws prohibiting the sale of surveillance technology to states suspected of human rights violations, as well as the sale of goods intended for misuse according to our own ethical standards (think medicines used in lethal injection executions) it would be quite asinine to look the other way claiming that fulfilling that particular research purpose exhausts all further uses.

Particularly if it’s potentially used against us, citizens.


Looking at MINIX as "surveillace technology" or "intended for misuse" (isn't that an oxymoron?) is stretching the definition very inclusively – it's an operating system. Yes, people that use computers for bad things sometimes use operating systems to facilitate those bad things. Whether you buy a license for Microsoft Bob or use MINIX for free is beside the point.

I specifically did not suggest "looking the other way" either, I just don't think the problem is open source operating system software that anyone can benefit from, it's involuntary surveillance, and I think that should be addressed legislatively rather than inhibiting publicly available research on very broadly applicable subjects.

Conversely, you could look at other research like the microchip, GPS and the Internet, all publicly funded to fulfill some defense purpose, and all having more than occasionally been used for indiscriminate surveillance. Would we be better off without these things? I don't necessarily assume a "no" to that, but it is fair to say that there are plenty of uses of these technologies that have had positive effects on society.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: