Mozilla Foundation Donates $10K to OpenSSH 277
eklitzke writes to tell us the OpenBSD journal is reporting that the Mozilla Foundation is donating $10,000 USD to the OpenSSH project. This comes as good news after the recent reported financial troubles from the OpenBSD and by extension the OpenSSH team. It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt.
Contribution made to OpenSSH or OpenBSD? (Score:5, Interesting)
There has been much talk in the recent past about the difference between wanting to support OpenBSD (and by default, OpenSSH), and just OpenSSH itself. Is it even possible to support 'just' OpenSSH?
Either way, a classy move by the Mozilla Foundation.
Now if you guys can just make Thunderbird stop sucking, I'd be much happier.
Re:Contribution made to OpenSSH or OpenBSD? (Score:5, Informative)
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Informative)
Here is a simple solution: look in the CREDITS file of the OpenSSH and find the developers who are responsible for the areas in which you desire some improvements and email them with offers to provide them money, hardware, or whatever they need to improve OpenSSH.
For the sake of convenience, here is the CREDITS file to OpenSSH-4.3p1
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Funny)
Re:Contribution made to OpenSSH or OpenBSD? (Score:5, Informative)
Re:Contribution made to OpenSSH or OpenBSD? (Score:5, Funny)
This is going directly to Theo's "free as in beer [samsclub.com]" fund.
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Funny)
Re:Contribution made to OpenSSH or OpenBSD? (Score:5, Informative)
Re:Contribution made to OpenSSH or OpenBSD? (Score:2)
Yes, but to calculate the real value of this donation, you'll have to come up with the correct noodles & cola to lines of code written/audited formula. Money doesn't convert magically into code; it helps people write & audit the code. So yeah, the money may very well be used to purchase noodles & cola, and there's nothing wrong with that as long as it results in more and better code.
Perhaps the OpenBSD mascot should be swimming ar
Re:Contribution made to OpenSSH or OpenBSD? (Score:2, Informative)
Or pay the electricity bill. It's about $5000 a year [theaimsgroup.com].
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Informative)
Since they're the same team, any donation is pretty much fungible (ie, $10,000 "for OpenSSH" still means Theo has $10,000 now freed up for OpenBSD, if that's how he sees the need to allocated it).
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Insightful)
A quote from the donations page:
Simply send a donation cheque in CDN/US/EUR funds made out to Theo de Raadt, since cheques made out to "OpenBSD" cannot be cashed.
There isn't a entity setup for OpenBSD or any other of their projects it seems. It's questionable what actually happens with the money donated.
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Insightful)
What you want is much like saying that you want to donate to Thunderbird, but not have the money go to the Firefox crew, as you only use Thunderbird. The same foundation is working on both, so the money goes to the group as a whole.
And yes, de Raadt really should set up a non-profit for OpenBSD, under the OpenBSD name.
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Insightful)
Yes, you do, if you use any of the software [openbsd.org] that they ship as part of the base install. They've put thousands of hours into auditing all those and submitting their changes upstream.
Basically, you're donating to a team who audits and secures a lot of software, some of which they write in-house. It's not meaningful to ask them to work on only your pet project since none of it stands in isolation. For example, suppose that their new memory allocator shows an error in OpenSSH. Was the fix part of their ongoing authorship of OpenSSH, or would you credit it to the memory allocator project?
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Insightful)
I'd say it just became a whole helluva lot more meaningful if he's willing to pay for one and not the other. Money talks, open source or not.
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Interesting)
Money may talk, but you're asking it to speak gibberish. Again, there's no clear separation between OpenBSD and the OpenSSH subproject. The whole idea is like telling a C++ programmer that you want him to work on function foo(), but not class Bar which it's a part of.
Re:Contribution made to OpenSSH or OpenBSD? (Score:2, Interesting)
The system includes the following major components from outside suppliers:
* X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org)
* Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
* Perl 5.8.6 (+ patches)
* Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Insightful)
see where it says "+ patches" in your list?that's when they contribute fixes for problems in the software. They then notify the project that actually owns the software, who can then use the patches too. This is probibally more useful than sending money.
Re:Contribution made to OpenSSH or OpenBSD? (Score:4, Informative)
While I like OpenBSD I don't have a need to support OpenBSD. On the other hand I do use and would donate money to OpenSSH.
Uh, I hate to tell you, but it's all the same people. If you read the OpenSSH project is prettypage it states "OpenSSH is developed by the OpenBSD Project." So yes, you do have a need to support the OpenBSD project if you want them to continue to develop OpenSSH.
There isn't a entity setup for OpenBSD or any other of their projects it seems. It's questionable what actually happens with the money donated.
I'm sure they squander all the money on booze and hookers. Pardon the sarcasm, but it's pretty much the same as if you sent Linux a check to help support the Linux project. And if you check out the donations page, there's quite a list of names there. I'm sure if something fishy was happening to the money, someone would have noticed by now. Besides, the OpenBSD project is basically Theo's baby. Why would he jepordize it by not being honest?
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Funny)
So OpenBSD's doing some marketing now? It's about time!
Re: (Score:2)
Re:Contribution made to OpenSSH or OpenBSD? (Score:3, Informative)
This is where you're wrong. The Linux kernel, and virtually every other large open source project is funded through officialy recognized organizations of one sort or another. Nobody is making checks out to Linux Torvalds personal checking account.
The issue of whether or not Theo is going to squander the money is irrelevant. Many organizations, in particular large corporations with deep po
Re:Contribution made to OpenSSH or OpenBSD? (Score:2)
Anyone know of a plugin to allow TB read local maildirs so I don't have to run an imapd to read mail that's delivered locally?
Re:Contribution made to OpenSSH or OpenBSD? (Score:2)
Thunderbird (Score:4, Informative)
Re:Contribution made to OpenSSH or OpenBSD? (Score:2)
Re:a very bad move (Score:3, Insightful)
The Mozilla Foundation's mission is to "promote choice and innovation on the internet". When you donate to them, you're giving money to further that mission.
Choice is not limited to simply web browsers. Without Free OSes, you can't connect to the internet in a Free way. As an established, mature project that is having only monetary difficulties (not community difficulties), OpenBSD is an obvious choice to give money to.
As a group that develops OpenSSH and provides security audits, OpenBSD is also obviousl
Serious question. (Score:5, Interesting)
NO (Score:5, Informative)
Re:NO (Score:4, Informative)
Re:NO (Score:4, Informative)
They don't want to because of the huge administrative overhead that incurs. Theo'd much rather work on the next feature or security audit than on handling that.
Of course, you're free to set up your own non-profit "Friends of OpenBSD" foundation if you want to.
Re:NO (Score:2)
Re:Serious question. (Score:2, Interesting)
I don't know enough about the difference between them to deliniate, but my understanding is that to be a "non profit", you have to register with the IRS and meet a bunch of standards.
Re:Serious question. (Score:2)
As for "Not For Profits", it sort of implies an organization is not set up to make a profit, but it does not necessarily mean that it is not making profit. For example, a group of people get together to develop an Open Source application, their main objective is to provide a fr
Re:Serious question. (Score:2)
A Not for Profit is a company setup to not generate profits. They qualify as tax exempt but not as a charity for tax deductions. Anything other than a 501(c)3 organization. USPS would be a not for profit org.
Additionally, as OpenBSD is Canadian, see the following from the IRS [irs.gov]:
Canadian charit
NO (too complex for international donations) (Score:3, Informative)
Re:NO (too complex for international donations) (Score:2)
Because Canada doesn't have politicians? In any event, not having any business organization surrounding OpenBSD is bad in my, and probably countless others, opinion. Can I ask (and be answered in the affirmative) to see Theo's personal financial records? Doubtful.
Re:NO (too complex for international donations) (Score:3, Insightful)
Theo really should set up the OpenBSD foundation instead of having cheques go to himself. Even if it isn't set up to give out tax receipts to donors, it would give people a bit more assurance that the money is going towards OpenBSD.
Re:Serious question. (Score:5, Insightful)
Seriously, not having non-profit status is certainly part of why they're having trouble getting funding. It means that any contribution made to them is taxed (so they're not able to use all the money that is given to them) and I'm sure it makes companies less likely to donate to them as well because they're not able to deduct their contribution from their taxes either. I mean, I'm not saying this is the silver bullet that would solve their funding problems, but it's certainly part of it and I think it's a bigger part than they realize.
Re:Serious question. (Score:5, Interesting)
They may well be. However, they're also Canadian. That means:
Re:Serious question. (Score:2)
Anyways, like I said, there is some hassle in setting up a non-profit organization, but it's still pro
Re:Serious question. (Score:2)
Actually, its not taxed. Gifts can be given uin the US up to $10,000 without being taxed. It says on the openbsd website as well that donations are not taxed, but CD and other purches are.
Re:Serious question. (Score:2)
One of the hazards of offering perks for charity is that you get people who act charitably solely for the perks, and not because it's, well, a charitable thing to do. Take away the perks, and suddenly their charity dries up.
It makes me think B5 might have been on to something with the Vorlons' whole "if you do the right thing for the wrong reasons, the work becomes
Re:Serious question. (Score:3, Informative)
Well, there are two obvious answers; your choice may depend on your feelings about Theo...
Re:Serious question. (Score:2)
Any other projects need a sponsor?
Nothing personal (Score:2, Insightful)
Nice to know that some people don't let their personal feelings get in the way of doing what's right.
Congratulations to the Mozilla Foundation (Score:5, Insightful)
Re:Congratulations to the Mozilla Foundation (Score:2, Interesting)
Re:Congratulations to the Mozilla Foundation (Score:3, Interesting)
Re:Congratulations to the Mozilla Foundation (Score:2)
Ports (thirdparty software not in base system) is not audited that deeply quite simply because it would be too resource demanding. Note that the OpenBSD base system contains a lot of software.
Re:Congratulations to the Mozilla Foundation (Score:5, Interesting)
2. Given that "the Mozilla project uses SSH extensively for various purposes, including securing connections to the Mozilla CVS repository," perhaps supporting further development of OpenSSH might be considered important for continued development of the browser?
What about other uses of money that aren't directly "improving the browser?" Would it be acceptable for MoFo to buy new servers for download mirrors? Support forums? How about Windows licenses or Mac hardware for development workstations, build boxes, and QA?
3. While we're at it, what is it with the donate-but-with-strings-attached attitude these days?
Isn't 10K too low? (Score:4, Informative)
Quoting Chris Blizzard, a board member "I won't comment on the dollar amount, except to say that ($72 million) is not correct, though not off by an order of magnitude...."
Guess any amount is fine...but 10K seems too low, IMHO
NO (Score:5, Insightful)
So regardless of how much money the Mozilla foundation makes, if out of their heart, self interest or whatever decide to donate $10k ( or even $10), all you get to say is "thank you", and if you really want to show appreciation, ask "is there anything I can do for you?".
Re:NO (Score:3, Funny)
Re:Isn't 10K too low? (Score:2)
10% of the target from just one donor? That doesn't sound bad at all.
Re:Isn't 10K too low? (Score:2)
Significantly more than
10,000 / 72,000,000 = 0.000139 or 0.0139%
Even an order of magnitude off would make that 0.139%
If my math is correct, that is the equivalent of someone who makes $40,000 / year donating $50. Of course, I may have completely invented a new (and useless) branch of mathematics here, so your $$ may vary.
-Charles
Re:Isn't 10K too low? (Score:2)
Ah well, at least they did donate - it's more than most other people, organisations and corporations who have benefitted from OpenSSH etc. did. (Speaking of which, have you donated yet?)
Cisco (Score:3, Insightful)
Trace the source (Score:5, Interesting)
That's really the core of the issue... (Score:2)
Re:Trace the source (Score:2)
Sure. It works like this:
1. Type "www.google.com" in the location bar.
2. Hit Enter.
3. Enter your search in the form.
In all seriousness, you could probably track down the file that defines the search plugin and alter the query string, or create your own search plugin that hits Google, but why would you want to? Presumably if you like Firefox you'd want to see them supported through their search deal, and t
This just goes to show... (Score:5, Insightful)
You may not realize it, but there are countless of excellent OSS projects out there. Imagine the amount of people that have monetary troubles every single day; now image that as being a lot more difficult, and you will see the struggles of an open source programmer. Advertising and the occassional donation simply ISN'T going to do it. The worst part is, no one has figured out a source for an actual revenue stream. If we don't ensure the survival of an increasingly popular commercial model, we might face another "dotcom" crash--after all, money has to come from somewhere.
Re:This just goes to show... (Score:5, Insightful)
The worst part is, no one has figured out a source for an actual revenue stream.
Where do people get ideas like this? Revenue comes from the same place as most software, the end users. How many people does IBM pay to work on open source software they use internally? When companies want features added, customization, or support for open source software they pay someone to provide it. It is not like this is anything new. Right now I work for a company that sells hardware with a lot of customized, closed source software on it. The boxes also include a lot of open source software on them. They run Linux or a BSD as the OS and make use of lots of popular server software. We do our development using mostly open source tools. What happens when we find a bug in something? We report it. That is free QA work. Sometimes we fix it; free coding. Sometimes we need more functionality; again free coding.
That is all work our company paid someone to do and went into open source projects. That money comes from our investors and customers. So you might say, "so what?" That is only 40-50 engineers spending maybe 5% of their time. But that is what we need, so that is what we do. There are thousands of companies out there, of all sizes, doing the same thing. Some contribute a few hours a month from one developer and some hire people full-time to just improve a project, help steer the project's direction, and be an in-house expert on it. The developers are being paid. The code is being written. The end users are getting a very good deal. That is the primary business model of open source software, and it has been working for decades.
P.S. more people would donate to Theo's cause if he could establish a proper non-profit for the US.
Re:This just goes to show... (Score:2)
I agree with the gpp. $10K is peanuts. The fact that something as hugely useful as OSSH is going around begging seriously undermines the whole "FOSS's success as an iron law of history" thinking.
Re:This just goes to show... (Score:2)
But doesn't IBM's revenue stream depend on configuring and supporting Linux being so difficult that you have to employ legions of their consultants to keep it running?
IBM makes its money from services and hardware sales. Open source software provides value added for those businesses. Also, since that business requires a lot of infrastructure, they need software to use internally.
I agree that IBM does benefit by making software hard to configure and deploy, but that does not in any way nullify the useful
Re:This just goes to show... (Score:2)
Why don't you do so yourself? Establish a "Friends of OpenBSD" foundation and register it with the local authorities.
I thought the, "so fix it yourself newbie!" attitude was mostly confined to actual coding. Theo is the one who asked others to donate. If the easiest way is to establish my own non-profit organization, which I would then have to manage from then on, I think I'll just skip the whole thing. It's not like I have piles of cash lying around that I just don't know what to do with. Myself and oth
Re:This just goes to show... (Score:2)
Re:This just goes to show... (Score:2)
Re:This just goes to show... (Score:2)
It's simply a waste of time and talent to have these people process the huge amount of paperwork a non-profit entails.
If gathering money to support the cause is waste of time for them, then they should not complain about the fact that it is not getting done.
If you don't want to do it in your free time, why should they?
Because they want the money. Listen, almost every other open source project has done it, even much smaller projects. If they don't want to go to the effort, then they can't really compl
Re:This just goes to show... (Score:3, Interesting)
Re:This just goes to show... (Score:2)
The Open Source community is not in any danger and things work as they always have. People do it because
Let's hope (Score:4, Interesting)
Re:Let's hope (Score:2)
Yet another moronic comment! Anybody is free to fork OpenSSH: go read the license!
Re:Let's hope (Score:2)
He assumes the perfect world, with newbies reading and understanding all documentation and code, with 100% of all users contributing, with everybody sharing exactly his value system, etc, and is (at best) intolerant, offensive, and rude regarding any deviation fr
Well, I'll give it a shot... (Score:4, Funny)
Mostly we'll just settle for a foot massage.
Re:Well, I'll give it a shot... (Score:2)
You rock. Thank you.
$10,000 doesn't go very far (Score:5, Insightful)
Nothing against OS development, but if you want a professional package, someone has to pay for it.
-Rick
Re:$10,000 doesn't go very far (Score:2)
Which doesn't mean they do not produce good code. Probably the quality is higher than what you'll see produced by most profesional developers.
Read some of the background articles to learn what the money will be spend on.
Re:$10,000 doesn't go very far (Score:2)
But they're only asking for $100,000 (Score:2)
Conspiciously absent... (Score:4, Informative)
If you looked through the list of donations on Theo's donations page, it's quite curious that some of the larger commercial interests in the Linux World (RedHat, Novell, etc...) are NOT in there.
Of course, they may have requested no publicity.
This is Slashdot, I'll let you draw your own conclusions here... :)
Re:Conspiciously absent... (Score:5, Informative)
Nope, they just didn't donate [theaimsgroup.com].
Hell, IBM even wanted the OpenBSD team to handle end-user support for one of their high-paying customers for free.
I'm with Theo on that one... (Score:2)
Get a ton of money for a support contract then send your client, not support staff, not in house developers, your client to the dev mailing list for a fix, on a project where you have not shown the least bit of good will, fuck you.
Even more conspicuous (Score:2, Insightful)
Re:Even more conspicuous (Score:3, Informative)
Re:Conspiciously absent... (Score:2)
Perhaps, but itd be rather stupid to alienate the many developers who are intimately familliar with the code, very very good at auditing it for security and stability, and have maintained it for a long time....
Re:Conspiciously absent... (Score:2)
If Redhat touched that code, do you think it will continue to be secure? And why would Redhat want to fork OpenSSH in the first place?
This is great news, however... (Score:3, Insightful)
EVERYBODY should contribute, especially the companies that have profited from the hard work of the team.
Re:This is great news, however... (Score:3, Insightful)
Shut up. The BSD license makes it legal for them to turn a profit on the code, without giving any money back (just like the GPL and any other open-source license), but it doesn't make it any less immoral, and it certainly doesn't mean they shouldn't be publicly shamed for it.
Particularly when these companies are full of hot-air about how much they support open source.
Donation is to OpenBSD, not OpenSSH (Score:3, Informative)
OpenBSD project. The Mozilla Foundation made a $10K donation to the OpenBSD project in support of development of OpenBSD, OpenSSH, and related activities. The OpenBSD project does great work in the area of creating a secure Unix-like operating system (which runs Firefox, of course) and developing related security technologies. In particular the Mozilla project uses SSH extensively for various purposes, including securing connections to the Mozilla CVS repository. The OpenBSD and OpenSSH projects have been experiencing some financial difficulties, and based on their importance to the Mozilla project and to the wider open source and free software world we felt that it was well worth showing our support for them.
The Widow's Mite (Score:2)
(So where's my thread?)
OpenBSD and the money (Score:5, Insightful)
There has been such a great soap opera on this on the OpenBSD mailing list.
It's nice to see mozilla.org donate some cash but the real money should be coming from IBM, Redhat, Cisco and all the other vendors that bundle OpenSSH into their products. Somewhere in that post is a link to an email chain where IBM demanded Theo fix a bug that was in OpenSSH. (I believe the bug was fixed in a more recent version of OpenSSH then they were bundling.)
Sure, they could change the license for OpenSSH and start making money off it but that's missing the point of what the BSD license is all about.
It costs a lot of money to run that project and keep ahead of the jerks who are trying to break into your systems every day.
If you use products from vendors that have OpenSSH bundled in them and they aren't on http://www.openbsd.org/donations.html [openbsd.org] then send them an email and ask them to give regularly. that's the only thing we can do to help keep us safe on this hostile internet!
GO PUFFY
Hypocrisy considered harmful. (Score:3, Interesting)
Now, I may be wrong, but I do not recall a flamefest back then about how that anticapitalist hippie Stallman would just spend the money on pizza and T-shirts. Why is it, then, that when the Mozilla group seeks to fund OpenSSH, the standard seems to be different?
Re:Hypocrisy considered harmful. (Score:2)
BSD is NOT dead (Score:2, Funny)
Re:Good for Mozilla. (Score:5, Informative)
Re:Good for Mozilla. (Score:5, Informative)
It's not an ssh problem. Connection rate limiting is something you really want to do with a firewalling solution.
Re:Good for Mozilla. (Score:4, Informative)
Re:or... (Score:2)
Actually there are probably four or five different allocations schemes within Mozilla. That's not so much of a problem as that there are several different object models all with various bridges. As new things come along the interactions can get quite complex. The memory leaks aren't due to this, but this situation makes tracking them more difficult.
To bring this back somewhat on topic. I wonder how, as time goes on, many of these open source projects will age.
Re:Mozilla - "OpenSSH" - Beer! Laundry Time! (Score:3, Interesting)
However, posting
without backing it up is kinda trollish. I'd be interested in seeing the information whose existence is implied by that statement.