Hacker News new | past | comments | ask | show | jobs | submit login
Microsoft Now OpenBSD Foundation Gold Contributor (undeadly.org)
267 points by saghul on July 8, 2015 | hide | past | favorite | 117 comments



Worth noting that Facebook and Google are both silver contributors.

=== http://www.openbsdfoundation.org/contributors.html ===

For 2015 The OpenBSD Foundation will recognize donors in the following categories based on contribution amount.

On request we will provide a link to your website for donations of $5000 or more, and display your logo for donations of $10,000 or more.

    Iridium: $100,000 to $250,000
    Platinum: $50,000 to $100,000
    Gold: $25,000 to $50,000
        Microsoft Corporation 
    Silver: $10,000 to $25,000
        Facebook Inc.
        Google Inc. 
    Bronze: $5,000 to $10,000
        2Keys Security Solutions
        Mandrill
        genua mbh 
=============================================


    Gold: $25,000 to $50,000
        Microsoft Corporation 
    Silver: $10,000 to $25,000
        Facebook Inc.
        Google Inc.
Arguably these are small amounts for all three companies, but what is the best way to calculate a fair share - not just for large companies but for anyone? For example,

* How much does OpenBSD need?

* How much does each company benefit from OpenBSD's work?

* How much would it cost to license the software if it were proprietary? How much would it cost to build and maintain it in-house?


Those are hilariously small numbers. The accounting departments of those companies probably wouldn't even blink if one extra zero were added to the end.

If you're funding open source products like this, companies should fund at least 3-5 full time senior engineer salaries per year. We should praise "donating" $3 million to $10 million per year. Anything less is a joke seeing these amounts are from multi-billion dollar companies built on free software.

Imagine you lived next to a free buffet that only accepted donations. You ate there every day of the year, saved thousands of dollars over buying and making your own food, then thought you were being "generous" by dropping them a tenner at Christmas. Also, you're a full time tech employee who cashed out millions in stock and have several million dollar apartments in cities around the world. But, sure, you're generous by dropping them $10.


While I agree this is pocket change, at least these companies are putting in something. And Microsoft has become a top Linux kernel contributor, and Google, Facebook do hire full time programmers that work on Linux as well (and possibly BSD).

My question is, where's Apple?


You don't get to be a successful company if your accounting department doesn't blink if there are zeros appearing on invoices.


  "I didn't get rich by writing a lot of checks"


It's a little hard to describe Microsoft as a company built on free software. Another thing that gets lost here is that large companies certainly pay full time senior engineers to contribute to open source projects. They just work at the company, not for OpenBSD/RedHat/ect directly.


> It's a little hard to describe Microsoft as a company built on free software.

Ethernet (for utp), Wi-fi, ip, tcp, udp, http, ssl, imap, smtp, dns ... just thinking of networking/Internet tech off the top of my head ...


I suppose you're forgetting that one of the most popular Windows releases didn't support Internet connectivity out of the box.


Tiny amounts. The OpenBSD folks contribute a lot of code those corporations use, like OpenSSH and plenty of security bugs fixed for many projects not their own.

OpenBSD still is at a financial crisis and not enough people care. Not even the ones reaping benefits out of it.


I love OpenBSD, I've purchased CD sets and made (small) donations, but they've been in financial crisis for as long as I can remember -- at least 2006. The truth is that it's entirely OpenBSD's fault; from the beginning, their attitude has been, "we'll just produce a lot of high quality code, and fix other people's bugs, and people should then donate to us out of good conscience."

And that doesn't work.

They've been openly hostile to projects like pfsense (or maybe it was Comixwall, I don't remember) and they've repeatedly declined to do anything that might bring more money into the project if it required even the slightest distraction from any of the principals of OpenBSD development.

The sucky practical reality is that "hoping enough people care" isn't a really smart way to ensure financial security for a project.


> they've repeatedly declined to do anything that might bring more money into the project if it required even the slightest distraction from any of the principals of OpenBSD development.

That sounds like someone I'd want to support (assuming those principles are sound).


Just to clarify: in this case I meant "principals", as in the people most responsible for OpenBSD development, not "principles", as in the ideals driving the project.


> They've been openly hostile to projects like pfsense

You may have the polarity reversed there.


I might, I'm working off of memory (and my brain doesn't have ECC). I recall someone working on a web frontend for pf getting a lot of abuse on openbsd-misc and then finally giving up altogether ca. 2009 or so. IIRC the common response from the old guard was, "people should just learn pf instead, it's easy."



Indeed. It almost looks as Microsoft simply wanted to "one-up" the other two and...that's it. They should've been on the Iridium level.


Also, Google has been donating every year since (at least) 2012, when OpenBSD started to make the donors list public.


Out of curiosity, do they appear as donors so often due to corporate initiatives or employee gift matching?


Donations to the project have also been public for many years:

http://www.openbsd.org/donations.html


We could recalculate the donation amounts in pizzas + diet coke. How long was the pizza+coke runway extended by these donations?

Because these aren't enough to cover salaries, so it's logical that's going to be used for pizza.


25-50k is generous, but won't float the project. I'll take this as a reminder to send some meager grad-student dollars their way.


Who would have guessed 10 years ago that in 2015, Microsoft would be a bigger supporter of a FLOSS project than Google?


Microsoft loves BSD/Apache/MIT licensed software. Free stuff and no serious competition can evolve out of those projects.


All the spectrum of software gets better thanks to BSD/Apache/MIT licensed software, so who wouldn't love it?


.no serious competition can evolve out of those projects

BSD + Mach > NeXTSTEP > OSX


.. > iOS


.. > WatchOS


.. > AutoOS


Oh, yeah, proprietary. I meant open source competitors. My bad.



Yes, this is an un-useable chunk of open source that is not widely used, not compatible with normal hardware, and does not even build.

To quote another user: "The version of WebKit used on iOS is actually not open source and forkable; even WebCore, which is LGPL, Apple works around: rather than releasing code changes for iOS-specific features, they release the binary .o files users can link in."


These folk are getting it there - http://www.puredarwin.org/


How much for these levels:

Vibranium

Adamantium

Unobtanium


Transformium


You forgot Orichalcum.


All the comments in the thread are focussing on comparing Microsoft's contribution to Facebook or Google for one project and giving credit to Microsoft. But, it is important to remember that Google and Facebook contribute to OSS in different forms. For example, Google spends regularly on Google Summer of Code. There may be other example for Facebook as well.

I am not a fan/employee of any of these companies. I am just putting the contribution into a different perspective.


CoreCLR alone is ~2.6 million lines of code, with several million lines of code to go [1]. I would wager that by raw LOC, Microsoft will open source more code in 2014-2015 than Google and Facebook combined.

http://blogs.msdn.com/b/dotnet/archive/2015/02/03/coreclr-is...


FYI - Gold contributor means the donation was somewhere in the range of $25,000 to $50,000.


Someone must have had some funds left over in the advertizing budget.

Regardless it's a very smart move and much appreciated.

Thank you Microsoft!


windows supporting openssh is most likely the reason


I'm pretty sure they got a donation closer to the lower $25,000 bound. I check the fund raisin page quite often and up to this morning it showed a total of $100,000 raised. It's now at $125,000.

Still great regardless of the amount. I'm happy that the money was donated to the project.



What's the point of trying to say "Good job" if you're just going to minimize the gesture in the same paragraph? This adds nothing but a negative spin...


Shame, that's pocket change for a company like Microsoft. Happy to see they're contributing nonetheless.


Theo de Raadt always complained that such companies never gave back. HNers were always quick to suggest he change his open source licence. Hopefully this means him and his crew can do a better job than they are already doing without them feeling they compromised on their values.


Probably has something to do with their OpenSSH adoption, indeed.

Theo de Raadt actually praised Windows in a ruBSD 2013 interview, saying their exploit mitigations were second to OpenBSD.


Thanks to Lipner's SDL & executive support, Microsoft has done one of the largest 180's in the industry's history. Backward compatibility and time-to-market will continue to create problems. Yet, comparing security (even architecture) of Windows 7 with Windows 95 is almost like looking at two different companies' products.

So, I give them due credit for good effort they put in. Many other companies have yet to match that effort. It's why their stuff is the new, big target. ;)


Another way to read that is as more of a slam of his major competitor.


Only if you try hard.


It's a shame that three top contributions by multibillion companies combined hardly cover a decent yearly salary for a single developer.


Yay! OpenBSD does great work, I'm glad they are getting serious support now. Hopefully other large vendors do the same thing...I'm looking at you Intel, HP...


Both Intel and HP have donated to OpenBSD: http://www.openbsd.org/donations.html


I stand corrected. Cheers.


What's in it for microsoft though? What is their end-goal? If they support opensource I'd rather they port some major programs to other platforms to make those platforms more viable.


Microsoft seems to be undergoing a huge sea change towards acceptance and promotion of open source software, and moving into a devices and services model for revenue as opposed to a software licensing model. It seems that most of the open source community still thinks they are "up to something" but I'm starting to believe that they are genuinely becoming a much better company than they were under Ballmer and Gates.

Either way, I'm happy to see them putting their money where their mouth was, literally.


MS has always been pragmatic. The shift is happening because they have gotten into the cloud business, with a primary focus on the infrastructure tier (Azure).

This means that as long as someone is renting compute time from them, MS don't really care what is running higher in the stack.


Burning CPU time and memory bandwidth is what ssh does on purpose to make things secure. So from this perspective, ssh seems like a great match for them making more money.


Azure is so terrifically overpriced for compute, so it stands that they'd love people using it even if they ran stuff that actively went against Windows. Azure's prices are more than double Google Cloud Compute. Up to 5x the price. Azure could resell GCP and still make a hefty margin.


I agree with much what you wrote, but why is this cause for happiness? It's basically the end of programming as a profession should every company go that way.


My statement about "happiness" was not part of the previous paragraph. I'm happy they are contributing to OpenBSD.

I'm cautiously optimistic about their sudden benevolence towards open source in general.


Can you elaborate on why?


I was referring to "moving into a devices and services model for revenue as opposed to a software licensing model" - which I think is likely.

If every company starts doing this (using open source!), the majority of software will be written and maintained by volunteers begging for donations from said companies.

What will be left is devops jobs, "full stack" engineers, i.e. all jobs where you can't really focus on developing software.

Very few interesting jobs may remain in Microsoft Research.


The other possibility is that if every company starts doing this (using open source!), the majority of software will be written and maintained by employees of said companies.

This is already the case for many projects, isn't it? In the case of OpenBSD, several of the core developers are either owners or employees of companies that use OpenBSD in their operations. Some of these companies are infrastructure providers, some are device / appliance vendors, some are consultancy shops...


"the majority of software will be written and maintained by volunteers begging for donations from said companies"

that is not how it works now so why would that change?


please explain


If I heard correct, Microsoft wants to add openssh support to Windows 10, server and client.


http://blogs.msdn.com/b/powershell/archive/2015/06/03/lookin...

That is correct, adding a OpenSSH server and a client with Powershell was announced last month.

It's good to see Microsoft also contributing to the project, so many users of OpenSSH do not.


Microsoft are adding OpenSSH support but NOT in Windows 10 RTM, and likely not this calendar year in general. The first Microsoft OS to receive OpenSSH support is likely Windows Server 2016 (or whatever name they finalise it on).

I just don't want people to run up Windows 10 on July 31st and then ask "but where is OpenSSH?!" Windows 10 might receive OpenSSH support in the future, but you'll be waiting a while. They only just announced the effort, engineering may not have even started yet in earnest.


This has been possible with Cygwin for many years.


Yes but you don't get Powershell. If you're even remotely into actual scripting on Unix you'll love Powershell's consistency and separation of data/presentation.


I spent fifteen years scripting on Unix for a living. I consider powershell to be garbage. Lack of 'separation of data/presentation' is what made unix ubiquitous. It's also what made HTML ubiquitous. I think it's great that powershell is getting full, native ssh support -- because then I can manage windows computers in a non-ridiculous way, regardless of what PL wankery Microsoft shoved into the syntax.


> Lack of 'separation of data/presentation' is what made unix ubiquitous.

I think standardization and easy scripting made Unix ubiquitous. Making a regex to search for start time in ps output did not.

> It's also what made HTML ubiquitous.

Most HTML on the internet uses CSS for presentation.

> I think it's great that powershell is getting full, native ssh support -- because then I can manage windows computers in a non-ridiculous way

So it's non ridiculous, but you'd still be using Powershell, which you just said is garbage. I'm not following.

You seem /really/ pissed off. I'm not sure why.


> I think standardization and easy scripting made Unix ubiquitous. Making a regex to search for start time in ps output did not.

So was it easy or not?

> Most HTML on the internet uses CSS for presentation.

...now. That was extremely not the case during the period that HTML grew popular.

> So it's non ridiculous, but you'd still be using Powershell, which you just said is garbage. I'm not following.

It's non ridiculous because my control scripts can be written in a real scripting language, dispatching generated powershell commands to windows machine over the same protocol that real computers use. Powershell itself isn't really the attraction in this case.

> You seem /really/ pissed off. I'm not sure why.

I'm not sure why you would think that. They're just opinions. I can consider something garbage without getting emotional about it. Actual garbage in a garbage can, for instance.


The difference is that I can't install Cygwin on every workstation I sit down on. I can usually use Powershell though.


My gut level guess is something in this list Might end up bundled into windows10 or 11 or ...

https://en.wikipedia.org/wiki/OpenBSD#OpenBSD_component_proj...

I suppose an internet router running OpenBGPD on windows approaches the "kill it with fire" level of visceral repulsion, but something more realistic like bundling openssh client or CARP or LibreSSL could totally happen.


Well, it's no secret that Microsoft is planning to offer OpenSSH support:

http://www.undeadly.org/cgi?action=article&sid=2015060309042...


Goodwill if nothing else. I mean it's probably less than they spend on toilet paper in a month. At their scale, it's not an amount that has to have anything "in it" for them.


I'm thinking since they're working hard on their enterprise products (which includes virtualization, cloud computing/storage) that they're trying to bulk up their suite of products in one fashion or another. Especially since it looks like their enterprise offerings are making big gains in countries like the UK.


When I donate money I don't think "What's in it for me, what's my end goal?"


When a company best known for quashing competitors using very questionable means, whose modus operendi for years was to take other people's products and change it into their own thing (Java -> C#, for example), and one which loudly opposed Open Source, starts donating money, well, maybe they've had a shocking change of heart. Or, maybe there's some other reason.

That said, there's more and more evidence accumulating that Microsoft seems to have had a change of heart. I had a gut feeling I would like the new CEO. So far, so good.


I'm hoping that they are going to generally start pulling a lot of Unix standards into Windows.


Microsoft windows dying, this is new business of microsoft ? http://blog.sudoask.com/great-dictator-on-software-dying-and...


Good they're contributing something back. They should sponsor more developers to work on infrastructure they could integrate into their offerings. Even from their evil perspective, they'd still be able to use their EEE strategy for people foolish enough to buy their non-standard version. They'd benefit from increased innovation and reduced costs as projects get bigger. We'd benefit with components that had financial support to keep improving and maybe get more security review than certain FOSS projects that have never heard of that.

So, it's in their interest to expand their role in open source software whether they intend to play nice or evil. They'll benefit and we'll possibly benefit either way. At the least, quality and innovation should both go up. Microsoft could always use more of those. ;)


Canadian tax structure does not consider "software projects" eligible for charitable contribution, so the donations are not generally tax deductible.

This is why i'm not sending a check right now


If the extra cost of the taxes is what's keeping you from donating, perhaps you can send in a reduced amount instead then? Foe example, if you wanted to donate $100 and your overall tax rate is 40% (resulting in an overall reduction of $40 from your taxable income), you could instead donate $60 and save the other $40 for your pending tax bill.

(Just an example... I'm not an accountant and I live in the US so I don't know if things are different in Canada, etc etc)


... Which makes me wonder why the OpenBSD hasn't filed for 501(c)(3). I'm sure it comes with strings, but given the donation revenue they've generated, tax-deductible status could be a big lever in pure dollar terms...


They say on the foundation website that, in Canada, the overhead of doing that is too high to justify it. They're hardly getting in donations so any amount of overhead can detract significantly to the project. If it's serious overhead, that's a serious loss. So, they're just not doing it until they get enough donations to justify it.


This is unfortunately backwards. Many large corporations will only donate and provide matching donations to registered non-profits. Applying for 501(c)(3), and whatever the Canadian equivalent is, would be the gateway to much larger donations. Yes, there's overhead and headache, but the benefit is that being a registered non-profit is one of the requirements for corporate donations.

The reason the project gets so few donations may well be that many businesses and individuals have to weigh donating to OpenBSD (not tax deductible, not registered as a non-profit) versus literally any other cause that is tax deductible. Simply put, a dollar to OpenBSD doesn't go as far as a dollar to say, the Linux Foundation (a 501(c)(6)).


The counter I expected and I totally agree with that. They might be shooting themselves in the wallet with this choice. Although, Theo and others have repeatedly said how little companies even try to donate to them. They might have wasted significant amounts of their funds complying with Canadian requirements for little to no gain.

So, I'm not sure which is the best route given the two facts: plenty of opportunity for gain and loss on each end. I'd like to see them at least attempt to get the status then tell a bunch of potential donors it's tax exempt. If money doesn't roll in, drop the status. If it does, keep it. Seems like a worthwhile risk to take.

What do you think?


Absolutely worth it. It isn't terribly costly to get registered as a non-profit, especially for low revenue organizations. I run a student organization at a mid-size university, and it's only just barely cost prohibitive for us, given that we don't stand to gain much from our current status as a de facto non-profit.

From what I understand, the cost amounts to a few hundred dollars in legal fees for paperwork, less if you're willing to use some hip website to do it, and some annual compliance costs (keeping receipts, filing tax returns).

I have no idea why they wouldn't pursue that. Maybe it's much harder in Canada?


Once upon a time I would have understood that, but even given only what we know of their "gold" and "silver" contributors, they have received $50-100k recently. How much overhead can obtaining charity status be?


Depends on how you look at it. Remember they claimed to need $250,000 (right?) at one point to keep everyone max happy and productive. I doubt they need that much each year. Yet, giving away a significant chunk of $50-100k might be too much of an opportunity cost to them.

Like I said elsewhere, I think they should take the risk and see what happens. They choose against it for now.


How much does one need to contribute to be Gold?


> http://www.openbsdfoundation.org/contributors.html

Iridium: $100,000 to $250,000

Platinum: $50,000 to $100,000

Gold: $25,000 to $50,000

Silver: $10,000 to $25,000

Bronze: $5,000 to $10,000


OT, but incidentally, gold is more valuable than platinum at the moment:

http://www.kitco.com/charts/livegold.html

http://www.kitco.com/charts/liveplatinum.html


[flagged]


It would be really cool if people would refrain from citing this until "extend" is reached. Because right now all Microsoft is doing is financially supporting some good developers who are doing good work.


The post did get flagged, which is a nice change. I personally get seriously tired of constant slashdot-isms that are used in posts regarding MS.


That sure sounds evil to me! ;)


The trouble is that by the time they are at "extend" it is too late...


This phrase is quickly becoming the new "Micro$oft".



You forgot the "eXpand". Almost sounds like the 4x definition...


Humor is now punished?


You: "I'm generally a pretty negative person for a reason. Negative feedback is necessary for anything to actually get better." - https://news.ycombinator.com/item?id=9318260

So, what are you actually making better here?


what are you actually making better here?

HN! Look at it this way: if everyone who likes to use phrases like that, even when not really suitable, sees they get downvoted into oblivion maybe they'll start to realize there's a reason for it. And next time they'll want to post they'll hesitate, start reasoning, and don't post any nonsense. Sounds good to me. And a bit far fetched maybe :P


https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish

"Embrace, extend and extinguish" was a widely employed anticompetitive strategy used by Microsoft for a long time as some court documents show. Not just some conspiracy theory. What makes you think Microsoft is trustworthy today? Just because they have a new CEO? Everything they "embraced" in the past turned into shit fast (The last victim was Nokia).

What am I making better here? I'm reminding everybody that a company whose whole success is rooted in exploiting a monopoly should not be trusted.


I kind of agree with you.

While I think Microsoft has been moving in a good direction since Nadella took over (I am sorry if I misspelled his name), it is worth keeping in mind the nasty - and at times downright criminal - business practices Microsoft used to get where it is today.

Just to be clear, I am hopeful that Microsoft's leadership has come to understand that in world with more iPhones and Android devices than PCs, their old tactics won't work any longer. But they still have a long way to go before I trust them.


Who exactly is it that you think is trusting Microsoft?


There needs to be a prize that goes to whoever uses this phrase first in a MS post.

You, sir, are a winner.


The prize is "+5 Insightful", and it's redeemable a decade ago on /.


Zing!


Like those old "first" comments on forum threads.


Man, the downvotes is hard in here.

In case everyone couldn't tell I think that the incessant posting of "embrace, extend, extinguish" are really childish so I replied childishly. Do we need a sarcasm tag?

EDIT: One day I will too be able to down-vote and then woe to you all. woe to you all. OH WHAT DOWN VOTES I WILL BRING!!!

EDIT EDIT: That's great advice friendly friend but I don't have enough karma to down-vote. Way to rub it in though...


> In case everyone couldn't tell I think that the incessant posting of "embrace, extend, extinguish" are really childish so I replied childishly. Do we need a sarcasm tag?

If you think a post is childish, downvote it and move on. If you respond in kind, expect to be downvoted. It doesn't make sense to decrease the signal-to-noise ratio in response to a post whose main problem is that it is decreasing the signal-to-noise ratio.


I don't have enough karma to downvote comments...but thanks for rubbing it in though. That's a beautiful tall horse your on by the way.

This particular comment got flagged, which is great. That being said, I can't count the number of times I've had someone reply to me with "Switch to Linux"...and I can't downvote that. Signal to noise?

The rules are unevenly applied. For instance, a couple of weeks ago one of those "Isn't RMS Awesome!" posts came up. I expressed a sentiment that was counter to the glowing praise people where heaping on the guy's article. I wasn't rude, but I do disagree with the guys positions on somethings and expressed that. It started being downvoted immediately...I was close to 200 at that point so I actually wrote a BS set of pablum replies and they were upvoted so I regained the karma.

Its frustrating.


I can't count the number of times I've had someone reply to me with "Switch to Linux"...and I can't downvote that.

FWIW I don't think people are allowed to downvote replies to their posts. At least I can't, maybe I could after getting even more karma?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: