Kernel Trap Interview with Theo de Raadt
An anonymous reader writes "KernelTrap has an insightful interview with Theo de Raadt, creator of OpenBSD. The wide-ranging interview focuses first on the past few years of OpenBSD development, then moves on to the recently released OpenBSD 3.9. De Raadt talks about how binary blobs threaten free software, and how OpenBSD developers work to reverse engineer them. He also talks about the future of OpenBSD, his views on Linux, and why developing truly free software is so important to him."
Theo (Score:5, Funny)
Re:Theo (Score:2, Insightful)
Re:Theo (Score:2)
Re:Theo (Score:2, Informative)
He's always been cordial when I've had dealings with him. In fact recently on the misc@ list I mentioned problems with getting both cores on an AMD64X2 going with 3.9, pasted dmesgs, etc. and he wrote me off-list suggesting I compile up to -current. His suggestion worked and saved my sanity.
Re:Theo (Score:5, Insightful)
Having to deal with him regularly might not be fun, but sometimes it takes assholes to get things done because they're prepared to piss people off to do what needs doing. If the goal were to make OpenBSD into another Ubuntu or Gentoo, his attitude probably wouldn't be that helpful, but for the goals they have it seems to work.
Re:Theo (Score:2)
And he's of course not the slightest bit afraid to speak his mind.
Re:Theo (Score:2)
Re:Theo (Score:5, Interesting)
I have had discussions with Theo about trying to get my current employer (at the time) to open up documentation so OpenBSD could write drivers for our hardware. Let's just say I failed (Sorry Theo - I really tried, to the point that my annual raise was affected by it). However I found Theo to be very supportive and personally agreeable to me - I assume he realized I was trying to help and doing the best I could.
I can imagine people that are fighting against things he is trying to do could see him in a negative light - but again... I see the same kinds of things said about all of the great ones.
Re:Theo (Score:2)
a nice guy is someone who's nice even when you don't have something that they want, an asshole
Re:Theo (Score:2)
I know we all know this, but Linus has much the same problem, which is why he calls Neo-BSD developers rude names when they come to a different conclusion than him on some topic.
But, of course, that's a
Re:Theo (Score:3, Interesting)
FCC Rules (Score:5, Insightful)
See, here's the thing...the people he needs to convince here are the hardware manufacturers. You aren't going to get them to release open drivers by suggesting that the FCC should "go after" them. In fact, it serves to reinforce their binary-blobs-only position; after all, that's their current protection. But worse, by tacitly agreeing with their position about the FCC rules, he cedes the important part of the argument...the part where he could have won it. That's because while the FCC does indeed require that the consumer not be able to change the frequency to licensed spectrum, they have never taken the position that changing the source code is normal consumer operation. After all, consumers can change the frequency on many other chipsets (even in Windows) with binary patches. This is simpler than changing source code and recompiling it. I have never heard anything from the FCC that says you can't distribute source code with this functionality. Which is good, because the current mainline Linux kernel does distribute code that does this. If FCC rules actually forbade this (as the hardware companies are claiming) then it would be illegal to distribute the Linux (and presumably OpenBSD) kernel in the USA.
There was a wonderful discussion of this on the LKML recently in context of Intel's binary blob driver.
Re:FCC Rules (Score:3, Interesting)
You did not really read that article, did you? OpenBSD wants hardware documentation, and besides, why should I as an EU citizen care about FCC regulations?
Re:FCC Rules (Score:2)
For the same reason that I, as a US citizen, should care about the EU's RoHS regulations.
Re:FCC Rules (Score:2)
FCC rules do not apply to me, so why should I care about those restrictions? This is similar to use of strong encryption and US regulations.
Re:FCC Rules (Score:3, Insightful)
Re:FCC Rules (Score:2)
You are very confused. I'm not obliged to follow FCC regulations while not in USA, or any other US law for that matter. A wireless product sold in USA has to be FCC compliant, and that i
Re:FCC Rules (Score:2)
A wireless product sold in USA has to be FCC compliant, and that is clear, but that does not imply that FCC regulations are world wide in their scope.
That is correct. And I never once said or implied that FCC regulations were global in scope. I did, however, say that US regulations impact all FOSS users regardless of where they live. And I've given far more than adequate evidence to support that position. Again, note that Theo does not reside in the US, yet he obviously considers these particular FCC reg
Re:FCC Rules (Score:4, Informative)
Because hardware and device manufacturers don't want to have to make multiple versions of their product if they can avoid it, chances are they're going to make it compliant to the largest number of regulatory bodies that they possibly can. Hence why my mouse is manufactured in China but approved according to regulations in the U.S., Canada, Germany, the E.U. (separate from Germany), and a bunch of Asian ones I can't read. And that's without even counting the non-governmental certifications (UL, CE, etc.).
An FCC regulation that changes something fundamental about how electronic devices have to be made is almost sure to affect people everywhere in the world, just like the E.U. RoHS rules are going to change the stuff I buy here in the U.S., even if we as a country didn't give a damn about how much hazardous substances were in our electronics. (We do, we're just taking our time about it.)
So while the FCC doesn't have any direct authority outside of the U.S., it affects how lots of things which end up on the world market are made, and you'd have to be pretty naive to just ignore that.
Re:FCC Rules (Score:2)
Of course FCC regulations have influence outside USA, as many other laws and regulations. This does not imply that the rest of the world should meekly accept these regulations as an excuse for hardware companies not to release hardware documentation. That I don't care for some US regulations/laws does not me
Re:FCC Rules (Score:2)
I think you answered your own question that you wrote in a previous post:
"FCC rules do not apply to me, so why should I care about those restrictions?"
You should care because they have influence outside the USA and you shouldn't meekly accept those restriction
Re:FCC Rules (Score:3, Informative)
EU rules don't apply to me, but I care about RoHS restrictions because manufacturers tend to design to the most restrictive set of regulations that will apply to a product. Same deal with FCC regulations, in a broad sense.
-h-
Re:FCC Rules (Score:2)
Re:FCC Rules (Score:3, Insightful)
You did not really read that article, did you? OpenBSD wants hardware documentation...
I did indeed read the article...I just recognized the larger issue that was not explicitly stated therein. Yes, what he really wants is documentation, although I'm sure he would be just as happy if they simply released the source to their binary blob. In any case, the reason he wants documentation is so that FOSS developers can write a completely open source driver for their hardware. The reason the hardware manufacture
Re:FCC Rules (Score:2)
As for FCC regulations and me as an EU citizen: I don't have to comply with FCC regulations while not in USA. The same goes for strong encryption. In this sense I don't care about FCC regulations. T
Re:FCC Rules (Score:3, Informative)
In the article he mentions open source drivers written under NDA that are essentially unmaintainable, whence of dubious quality.
No he doesn't. He says "Some Linux (and recently FreeBSD too) developers are willing to sign NDAs so that a few people get the documentation, and I believe that this is the largest problem facing the kernel side of the open source community today." Now, you'd have to ask him to clarify to be certain, but I would say the chances are extremely slim that he's talking about people w
Re:FCC Rules (Score:2)
The manufacturers could make multiple versions - one FCC compliant for sale in the US, and one for everywhere else.
They don't because that costs more and eats into profit margins.
Things like this are one of the reasons why "power bricks" are so popular. The highest regulation tends to be where the highest voltage is. By having the country-regulation specific wiring in a separate power brick, the companies can mass-produce the main unit (Xbox, etc) and just have regionalized power bricks
Re:FCC Rules (Score:2)
The manufacturers could make multiple versions - one FCC compliant for sale in the US, and one for everywhere else.
Well, yes, obviously; I just sort of took the cost factor as a given. Note my line "when you find a wifi chipset that isn't sold in the US let me know." It's also worth noting that the 802.11b spectrum is different in Europe than in the US, and that many drivers have multiple versions so as to open up the extra two channels for non-US users. This is another piece of evidence that the source-c
Re:FCC Rules (Score:2)
Now you are misrepresenting my posts. Let me rephrase: I do not have to follow US regulations as an EU citizen living in EU. In this sense I don't care about US regulations.
If you can't figure out why non-US citizens should care about the policies of the largest importer of goods, Of course we do! We are financing your cons
Re:FCC Rules (Score:2)
No one is saying that... You really are thick-headed, aren't you?
If you had a scintilla of intelligence in your hollow cranium, you would have seen his point immediately.
In a world market, a company will manufacture to the most restrictive specifications. In the case of wireless chipsets it is the FCC regulations. They are *not* going to make different versions for the EU/CAN/US, et
Re:FCC Rules (Score:2)
I think that you have it backwards - the US imports goods and "exports" money. If "you" were financing US consumerism and the Iraq war, the flow of money would be going the other way. In fact, you could make a better case that the US was financing your opposition of the war (assuming that you're posting from a country that does not sup
Re:FCC Rules (Score:2)
I think that USA is great country, and there is much to admire. However, that cannot be said of the current Administration which is downright scary.
There is a huge influx of money into US by foreign central banks having valuta reserves in US dollars, enormous foreign investments (funds, Arab petro dollars etc) and huge trade deficit. Combine this with enormous Federal spending (Iraq, as an example), budget deficit, huge tax cuts and US families that are i
Re:FCC Rules (Score:2)
http://www.truthandpolitics.org/military-relative-size.php [truthandpolitics.org]
Re:FCC Rules (Score:2)
Yeah, yeah, here's the quote [newsforge.com]
Re:FCC Rules (Score:2)
I think you're reading too much into the term "NDA". For example -- "Here's some hardware documentation, don't post it on the web" is an NDA.
Theo
Re:FCC Rules (Score:5, Insightful)
The same thing applies generally to power output levels. Sophisticated radios have some spare margin in the transmitter power output, and the actual output power level is calibrated at manufacturing time and then set in a FLASH based lookup table. The output power is then controlled using the embedded micro, driving a DAC. In this system, having open code on the embedded micro means that an uncaring individual could just crank the power output without regard for the FCC requirements.
You can say what you want about the motivations and ethics of the OpenBSD team members - if the source is out there, there will be others that take advantage of any "gains" they could make by tweaking some tuning parameters beyond the design or regulatory limits.
Ask Theo de Raadt how long it took him to get from his buffer-overrun Sun console hacking days to where he is now - almost everyone goes through a phase where "Just because I can" is sufficient justification to do poorly thought out things.
Re:FCC Rules (Score:2)
As a current and past employee of several companies that make wireless transceivers subject to FCC licensing, I can tell you that there is no cost effective way to limit a device to FCC restrictions purely in hardware.
I understood that sentence, but very little of the technical discussion that followed. However, it seems like you're making this too hard; if one wanted to limit the output of an RF transmitter in hardware, wouldn't it be trivial to simply put a couple of RF filters (one high-pass, one low-
Re:FCC Rules (Score:3, Informative)
Re:FCC Rules (Score:2)
Can you do that, with drivers and hardware that don't allow you to tune the power levels?
Re:FCC Rules (Score:2)
Re:FCC Rules (Score:4, Informative)
Wireless system designers use filters already to limit out-of-band emissions, but the problem is that no practical filter has a 'brick-wall' response where the passband ends exactly at the edge of the allowed spectrum. In a typical 2.4 GHz wireless network system you could probably go outside the band by 10 MHz before the filter rolloff became significant. With that freedom, an enterprising wireless LAN operator could set up his own little playing area away from everyone else's interference - but he'd be tromping on some unsuspecting folks.
Re:FCC Rules (Score:3, Informative)
Also if you put in a hardware filter it would "absorb" some of the power that the device uses to transmit. So you would get a weaker signal or have less battery life. Also it wouldn't limit the power of the transmitter.
In short if you put the limits in hardware the product would cost more, have a smaller market, and use more power. It just wouldn't be as good as a card that does everything in software.
It would fail on the mark
Re:FCC Rules (Score:2)
Re:FCC Rules (Score:3, Insightful)
See, you're missing the point here. It's not whether a consumer might be able to violate FCC regulations. It's the fact that manufacture of a device that allows the consumer to transmit in a licensed band is itself a violation.
In other words, the manufacturers are prohibited by FCC rules from making a device that a consumer can run in a licensed band or at a higher-than-allowed output power. However, the part the manufacturers are ignoring is that the FCC seems to mean this in the context of the normal co
Re:FCC Rules (Score:2)
If there is some problem with having the firmware loaded by an open-source driver, then the hardware manu
Re:FCC Rules (Score:2)
Um, sure. But I don't think Theo cares about it being "pure hardware" or a hardware/firmware mixture. As long as it isn't in the software driver, wifi hardware companies can't claim that releasing source is against FCC rules. And, as the parent was saying, it probably isn't anyway.
Re:FCC Rules (Score:2)
Re:FCC Rules (Score:2)
This is typical with spacecraft. There is an interval timer that forces an interrupt that drives the processor to execute code from ROM periodically. The "safe mode" or "fail safe" or "watchdog" stuff runs there even if a totally bogus set of junk gets uploaded into the RAM. Allows remote rec
Re:FCC Rules (Score:2)
Then you can DOCUMENT THAT INTERFACE.
There's nothing particularly difficult or expensive about doing that. It's just a shim between the driver and the hardware. And done right (e.g. ENGINEERED PROPERLY), you can also save your company from ever having to release anything o
Re:FCC Rules (Score:2)
In multi-band radios, the equipment can typically be operated slightly beyond the intended band edge due to the filters not having an infinitely
Re:FCC Rules (Score:2)
No: he doesn't care if you do that. That's not a 'blob' - that's a loadable firmware. That's fine. Just give them a copyright that allows them to redistribute it, and he's happy.
What he cares about are binary-only driver blobs - as in, some object file that gets linked with a wrapper file
Financing? (Score:4, Interesting)
Any idea who he's referring to?
Re:Financing? (Score:5, Informative)
Source [computerworld.com]
Re:Financing? (Score:2)
Re:Financing? (Score:2)
Re:Financing? (Score:2, Insightful)
So how come no one's blaming Theo then? If it is true that his attitude lost him his funding (which isn't demonstrated, btw), then let's blame the attitude. You don't tell someone to fuck off and then expect them to fund you.
Re:Financing? (Score:2, Interesting)
All of them. In grant financing, the institution will often take a percentage of the gross, as large as 48%, or more in some cases. It's justified under a multitude of reasons, e.g., management, common facilities, name, reputation, goodwill, etc.
Sometimes these funds get funneled back through deans to dept. chairs and, yes, even the PI as a salary bonus, thereby allowing them to write a larger salary number in the next grant.
I'm not saying it's right but that is the way it is.
Overhead rates (Score:3, Informative)
Basically, things like lab space may be direct or indirect (overhead) costs, depending on setups.
Given that they weren't on staff so there was no fringe (taxes, benefits, etc.), and they weren't using any school resources, maybe they
Re:Overhead rates (Score:2)
Department of Redundancy Dept. (Score:3, Insightful)
So isn't it redundant to say "binary blob"?
Re:Department of Redundancy Dept. (Score:2)
Yeah. You can't imagine my disappointment in the 80's when I bought a ticket to see a technical movie about "binary large objects", only to see NOT ONE computer in the whole movie!
I mean, they even CAPITALIZED "BLOB" to fool people into thinking it was an acronym.
Re:Department of Redundancy Dept. (Score:2)
A "blob" is just something that you don't understand but still use. Binary or text, it doesn't matter.
We don't buy hardware that OpenBSD doesn't support (Score:5, Interesting)
If a hardware company is so proprietary or secretive or locked-down that OpenBSD can't (or chooses not to) support it, I don't believe that company will last in the long run.
Re:We don't buy hardware that OpenBSD doesn't supp (Score:4, Funny)
OpenBSD confirms it. Adaptec [adaptec.com] is dying.
Great Interview... (Score:3, Insightful)
Honestly though, he is right...the big Linux vendors really needed to step up and donate to the project. I am a FreeBSD user and certainly understand the need for funding to keep these projects going. OpenSSH is an amazing piece of software that we all use quite a bit. I can't say that I give all of my money to these projects but I do purchase CD sets and can only hope that the rest of you do as well.
I guess sometimes we are all dicks when we really believe in something. Although Theo can come across as a dick sometimes he really does stand for a good cause. Software should be free!
They step up to help OpenSSH if needed, w/ code (Score:2)
Money donations go into the OpenBSD pot, supporting a competitor.
It's kind of a bait-and-switch Theo is trying. He asks for OpenSSH donations, but he doesn't keep the funding separate from OpenBSD. So he's demanding that Red Hat donate to OpenBSD. Excuse me???
Linux uses OpenBSD too (Score:2)
And linux devs openly admit that OpenBSD often identifies and patches security holes that also affect linux. So bug and security fixes cancel out drivers, Theo's OpenSSH point is left standing.
NDAs are a big problem? (Score:2)
Why is this a problem? If you are signing an NDA so you can write an open-source driver that anyone can read, edit and redistribute, surely that's not so bad? Of course it would be better to have completely open hardware specs, but if you really need to understand how this piece of ha
Re:NDAs are a big problem? (Score:3, Interesting)
Theo apparently feels (as I do) that the more we support vendors who refuse to just open up their specs, the less vendors will open them up. If Linux is taking over the server market (it is) and they need to open their device specs up to have them supported (they don't, if people will go NDA) then more companies will open up their specs so that they can be supported by linux - because companies like to minimize the variety of hardware in their organization for support reasons, and they are more likely to s
Re:NDAs are a big problem? (Score:4, Interesting)
no (Score:3, Informative)
The reason companies do not open up their drivers (Score:3, Insightful)
I think one reason for this is because there are a zillion consumer devices out there and no real place to be able to look up a given piece of consumer hardware and see who is making the chips for said hardware, and whether the chipset in question has a Linux driver. More importantly, if a given chipset doesn't have a Linux driver, the documentation should tell us whether this is because the chipset in question is closed, or if it is because no one has had a chance to write a driver.
If this information is out there, when people give the usual "Linux sucks because it doesn't support X piece of hardware" flame, the reply can be "blame the makers of X piece of hardware, not Linux". If this mindset catches on, companies will start supporting Linux better. For example, I bought a Creative Zen Nano instead of an iPod Nano because the Zen had full Linux support; the iPod doesn't.
The problem with making this online database is that someone will need to be motivated to make such a database; this is a non-trivial task. The wiki model is perfect for something like this. Indeed, someone has a wiki-based database like this for IBM Thinkpad computers [thinkwiki.org]
Compilers (Score:2)
Re:Compilers (Score:2)
Re:Compilers (Score:2)
Re:Compilers (Score:2)
Re:Compilers (Score:3, Insightful)
Re:You are a little confused. (Score:3, Insightful)
Version Numbering (Score:2)
The worst offender in this regard has to be Mac OS X. I see people write "Mac OS X 10.4", which is the same as saying "Mac OS Ten Ten-point-four". And I've never seen anyone write it as "Mac OS X.IV" or "Mac OS X.4". (Most people say "ex" instead of "ten", I bet.)
Re:Version Numbering (Score:2)
What does "truly free software" mean? (Score:2)
OpenBSD code auditing? (Score:3, Interesting)
My question is this: what is the "standard OpenBSD proactive auditing process"? Before, I've lightly asked about this on the misc@ mailing list, but the answers weren't very helpful, generally paraphrased as (1) experience or (2) study the CVS diffs.
Well... that's nice, but I'd like to have a more straightforward "beginner's approach", something a little more accessible. I agree that only experience will make you a truly great secure and correct coder, but it would be nice to have a book that explained (and gave examples) of the kinds of things that the OpenBSD developers routinely look for in their code audits.
Put another way, I feel I have a good understanding of the fundamentals of secure C programming: generally prefer strncpy() (or strlcpy()) to strcpy(), know when to use memmove() or memcpy(), always check input parameters to make sure they are within the defined boundaries of the function, etc... but surely there's more than just these well-known general rules of thumb, right? It would be nice if core OpenBSD developers could have their secure C programming expertise dumped into a book!
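The rules of thumb named in the comment above, written out as an added C example (not part of the original thread and not OpenBSD code). `bounded_copy`, `account_set_name` and `drop_prefix` are hypothetical names, and all strings are constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy() semantics, written out because strlcpy()
 * is not available in every libc: copy at most dstsize-1 bytes, always
 * NUL-terminate, and return strlen(src) so the caller can detect truncation. */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);            /* src and dst never overlap here */
        dst[n] = '\0';
    }
    return srclen;
}

/* The strncpy() trap: returns 1 if the first dstsize bytes of the destination
 * contain no terminator after the copy, 0 if they do, -1 on a bad size. */
int strncpy_left_unterminated(const char *src, size_t dstsize)
{
    char buf[64];

    if (src == NULL || dstsize == 0 || dstsize > sizeof(buf))
        return -1;
    memset(buf, 'X', sizeof(buf));      /* make a missing NUL visible */
    strncpy(buf, src, dstsize);
    return memchr(buf, '\0', dstsize) == NULL;
}

struct account { char name[8]; };       /* constructed record type */

/* Parameter checking at the function boundary: reject NULL and empty input,
 * and treat truncation as an error instead of storing a shortened name.
 * Returns 0 on success, -1 on invalid arguments, -2 if name does not fit. */
int account_set_name(struct account *a, const char *name)
{
    if (a == NULL || name == NULL || name[0] == '\0')
        return -1;
    if (strlen(name) >= sizeof(a->name))
        return -2;                      /* record is left untouched */
    bounded_copy(a->name, name, sizeof(a->name));
    return 0;
}

/* memmove(), not memcpy(): source and destination are the same buffer, so
 * the regions overlap. Returns -1 if n exceeds the string length. */
int drop_prefix(char *s, size_t n)
{
    size_t len;

    if (s == NULL)
        return -1;
    len = strlen(s);
    if (n > len)
        return -1;
    memmove(s, s + n, len - n + 1);     /* +1 moves the terminator too */
    return 0;
}

int main(void)
{
    char dst[8];
    char addr[] = "misc@openbsd";
    struct account a = { "" };
    size_t want = bounded_copy(dst, "openbsd-3.9", sizeof(dst));

    printf("bounded_copy: \"%s\" (truncated: %s)\n", dst,
           want >= sizeof(dst) ? "yes" : "no");
    printf("strncpy left buffer unterminated: %d\n",
           strncpy_left_unterminated("openbsd-3.9", sizeof(dst)));
    printf("account_set_name(long): %d\n",
           account_set_name(&a, "deraadt-long"));
    drop_prefix(addr, 5);
    printf("drop_prefix: \"%s\"\n", addr);
    return 0;
}
```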
Re:Blobs eh (Score:2, Funny)
Re:So petulant and arrogant. (Score:2)
Making it GPL would do nothing for the funding, it merely would add more restrictions to the license, which the OpenBSD folks are totally against.
Re:So petulant and arrogant. (Score:3, Insightful)
There's nothing wrong with _asking_ for contributions. He knows that nobody owes him anything, and that jackasses like you will give him nothing but hot air, probably all the while logged into an OpenSSH server somewhere.
Re:So petulant and arrogant. (Score:4, Insightful)
The OpenBSD project's recent funding problems have absolutely nothing to do with licensing; zero, zip, nada. The problem is not companies (Linux vendors, Cisco, Sun, etc.) modifying OpenSSH without releasing changes publicly. The OpenBSD/OpenSSH project doesn't care about that, they expect it to happen. The problem is with said vendors using, redistributing and profiting from OpenSSH without making even a modest monetary donation in return. Given this, please, enlighten me as to how releasing OpenSSH under the GPL would have any impact on this? Where in the GPL does it state that all redistribution and/or modification requires supporting the software's developers financially?
You think expecting a little money for something you poured blood, sweat, and tears into is "arrogant"? How about including open source software in almost all of your products (Cisco, Sun), and not giving a penny back for being given the opportunity to do so? Of course you have no obligation, but given the fact you're profiting off of this software, wouldn't it be wise to donate something (money, hardware) to the developers so that the software you're profiting from can continue to be developed? Some companies/projects have: GoDaddy and the Mozilla foundation. And hopefully more will in the future.
Oh, and whoever modded the parent up as insightful needs to be hit with a cluestick.
Comment removed (Score:5, Insightful)
Re:So petulant and arrogant. (Score:2)
My example doesn't contradict my point. Most street walkers simply don't get a fair value for their sex. $20 a blow job? $50 for intercourse? Amidst the risk for lifelong disease? The prostitutes are getting screwed on a major scale
Re:So petulant and arrogant. (Score:5, Funny)
So, he's a slut?
Re:So petulant and arrogant. (Score:2)
Re:So petulant and arrogant. (Score:2)
. . . then you deserve to be used and abused like a cheap hooker
See, it's you that "deserve" to be used and abused, the cheap hooker merely "is" used and abused without a value judgement. Not that it's a particularly pleasant analogy but the GP didn't say what you're objecting to.
Re:So petulant and arrogant. (Score:2)
The alternate scenario where everybody just takes what their neighbour has, would seem to end up with us all sitting around in the dirt stealing sticks.
Re:So petulant and arrogant. (Score:2)
By generating a big chunk of (mostly security-oriented) patches that most other projects like to ignore right away.
Re:So petulant and arrogant. (Score:4, Insightful)
Re:So petulant and arrogant. (Score:3, Interesting)
If you were minded to you could find out for yourself what Theo has contributed. Scan the source tree of just about any project the OpenBSD team ships and hunt for openbsd.org. If by chance you don't find anything then search again for "De Raadt" or some of the other developers' names. More like
Re:So petulant and arrogant. (Score:2)
Re:Looking for a small, fast, correct compiler... (Score:2)
Re:Nope. (Score:2)
not lackluster (Score:2)
#!/usr/bin/tcc
Re:theo de raad (Score:2)
And he did not ask for help on slashdot, he asked for help in the slackware-changelog, which was later posted on slashdot.