Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hifn Restricts Crypto Docs, OpenBSD Opens Fire

ScuttleMonkey posted more than 8 years ago | from the don't-tread-on-me dept.

304

Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."

cancel ×

304 comments

Go Theo. (3, Funny)

AltGrendel (175092) | more than 8 years ago | (#15531088)

They obviously don't know who they are dealing with.

This should get really interesting.

Re:Go Theo. (1)

thc69 (98798) | more than 8 years ago | (#15531112)

Heh...for once, Theo's attitude is actually put to good use.

Go Theo-Batter up. (0)

Anonymous Coward | more than 8 years ago | (#15531180)

"They obviously don't know who they are dealing with.

This should get really interesting."

I hear he's going to take his small portion of the market and go home.

Re:Go Theo. (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15531341)

Is that a fact? I think I know who they're dealing with. An adult baby.

I'm assuming you actually run OpenBSD, because no one else in their right mind gives a shit about what incoherent ramblings de Rat spews out.

By my math... (2, Insightful)

Enderandrew (866215) | more than 8 years ago | (#15531100)

...I count 12 required fields where you have to enter data.

Is this worth throwing a hissy fit over? Once one person downloads the docs, they can distribute them.

Re:By my math... (3, Insightful)

tygerstripes (832644) | more than 8 years ago | (#15531130)

Registration at our extranet is required along with an email address that can be confirmed. We cannot support anonymous FTP or http downloads. The reason for this is that we are required by the conditions of our US export licenses to know who and where our customers are. If anyone objects to registration then we could not sell them chips anyway so it does not seem an unreasonable restriction to us.

Implication: they are collecting the data in case they're asked to provide it. To the US Govt. Yeah, that's pretty hissy-worthy when you're trying to claim that you're opening up access. I have little doubt that registration will lead to some non-disclosure agreement or other, though I'm not prepared to try it myself.

Incidentally, how does the supplying information without charging for it constitute "export"? And by comparison, if I want to download a manual for something I bought second-hand, why can't I? Just a thought.

Re:By my math... [export control] (1)

rpg25 (470383) | more than 8 years ago | (#15531433)

The way export is defined in US regulations and laws is not about sale. It has to do with making objects and information available. E.g., multinational companies are required to provide some segmentation in their computer networks to avoid exposing export controlled, or ITARS restricted information from reaching their non-US employees.
Whether or not one thinks that the US government is becoming paranoid and over-secretive (I do), this is not an unreasonable definition of export. E.g., if one just gives centrifuges for enriching uranium to Iran, they are exported there, independent of whether one receives reimbursement. The arrival at the endpoint of the object or information is what the US government cares about, not whether someone is paid to supply the stuff.
If you believe at all in export control, then it's not unreasonable for the US government to require that a vendor make some attempt to verify that its transactions comply with export control. Otherwise, you can just have someone say "I'd like to buy a whole lot of weapons-grade uranium. Here's my check."

Re:By my math... (5, Insightful)

Deliberate_Bastard (735608) | more than 8 years ago | (#15531131)

>I count 12 required fields where you have to enter data.

>Is this worth throwing a hissy fit over?

And I count one (1) principle at stake.

Which is *always* worth throwing a fit over.

Re:By my math... (2, Insightful)

gowen (141411) | more than 8 years ago | (#15531505)

And I count one (1) principle at stake.

Which is *always* worth throwing a fit over.
The ability to compromise is not a sign of weakness.

Re:By my math... (2, Interesting)

linvir (970218) | more than 8 years ago | (#15531139)

Once one person downloads the docs, they can distribute them.

That would be fine if they were writing homebrew XBox games. Maintainers of major operating system distributions, on the other hand, have to be very careful about complying with licenses.

And did you even read the email? Hifn wants de Raadt to play along and pretend that their docs are open. They think that they deserve special treatment over all the other manufacturers in the industry, probably in order to collect data to sell on to marketers.

Is that worth throwing a hissy fit over? No, but then your choice of phrase is poor, and gives away how little attention you payed to the content of the email itself. It's certainly worth telling Hifn to go screw themselves over, which is what de Raadt is doing.

Re:By my math... (5, Insightful)

bhima (46039) | more than 8 years ago | (#15531228)

Yes.

You have to sign an NDA to get the documents. So you would be violating the NDA to redistribute them.

There isn't a business advantage to this sort of secrecy because your competitors can easily obtain this same information through a blind. So it comes down to policy motivated by irrational fear & greed. Who needs to really deal with company with these qualities?

This topic is of primary interest to me because I am shopping for a crypto accelerator card right now, for use in the fall. Given the success and ease I have had using OpenBSD, and given the great support I have from the mailing lists, this is a reasonable criterion to use when purchasing hardware. In fact at some point of the decision making process for all of my hardware I have done a search on the OpenBSD mailing lists. This sort of information makes installation and maintenance a simple thing.

So it really does boil down to unless the OpenBSD group recommends a certain piece of hardware I won't buy it...

Re:By my math... (0)

gkhan1 (886823) | more than 8 years ago | (#15531359)

Ofcourse you can't redistribute them! Ever heard of copyright infringment? Just because you get to see something for free doesn't mean they arn't copyrighted.

Unless they release the docs under some sort of neat little license (CC, GFDL, PD,...) you can't just copy someone elses work and give it to others. Have the RIAA taught us nothing?

Re:By my math... (1)

tinkerghost (944862) | more than 8 years ago | (#15531401)

Have the RIAA taught us nothing?

When you've lost, declare victory & go home [slashdot.org] ?

Theo (4, Insightful)

dirtyhippie (259852) | more than 8 years ago | (#15531113)

Oi, Theo! I agree with you 100%, but please, tone down the virtiol just a smidge! From TFA:

Jason and I spent a lot of time writing that code in the past, but because your policies are privacy invasive towards us, and thus completely thankless for the sales that we have given you in the past -- we will not spend any more time on your crummy products.

And if you continue baiting me, I will delete the driver from our source tree.

Calling their products "crummy" and threatening them with driver deletion if they don't stop "baiting" you is not a way to get what you want. Now it means some egomaniacal manager has to eat crow for the driver to go public. I was in 100% agreement with your post until I got to this point.

Sometimes, I wish someone would just slip some sort of tranquilizer in the water supply near Alberta...

Re:Theo (4, Insightful)

flumps (240328) | more than 8 years ago | (#15531145)

In fairness you do not know what has gone before. Theo mentions "personal emails" and "previous discussions".

Some people just do not listen unless you threaten them like this. It must've been the last straw..

Re:Theo (1)

gowen (141411) | more than 8 years ago | (#15531161)

I've seen plenty of evidence that one does not have to have reached "the last straw..." before Theo will escalate a discussion in a screaming flamewar/bitchfest. He has repeatedly proven himself chronically incapable of dealing with people whose opinions differ from his own.

Re:Theo (1)

flumps (240328) | more than 8 years ago | (#15531186)

Can you post any links to examples? I'm not being funny, I'd like to see what this guys like.

Re:Theo (1)

gowen (141411) | more than 8 years ago | (#15531487)

Well OpenBSD only exists because deRaadt couldn't play nice with the NetBSD team. See section 18.3 [jus.uio.no] . His inability to keep a civil tongue in his head is legendary: that might be excused as charmingly idealistic in a 20 year old, but its embarassing as a balding rocker with a pony tail in a man pushing 40.

Re:Theo (2, Insightful)

Bin_jammin (684517) | more than 8 years ago | (#15531200)

Theo must be the only person you have to deal with ever. Seems most everyone I meet these days is like that.

Re:Theo (1)

JanneM (7445) | more than 8 years ago | (#15531191)

Theo mentions "personal emails" and "previous discussions".

Something which for most people, amazingly, does not lead to the kind of immature name-calling normally reserved for the second-graders cafeteria table.

The OP is completely right; he's just made it harder for anybody to back down or find a solution. Completely unnecessarily.

Re:Theo (1)

Plammox (717738) | more than 8 years ago | (#15531316)

OMG! Slashdotters preaching tolerance and maturity? Next thing will probably be MS opening the source for Vista and seven angels with trumpets...

Re:Theo (3, Informative)

Anonymous Coward | more than 8 years ago | (#15531485)

You clearly have no idea what goes on before Theo brings something public.

Repeated contacts are attempted, and vendors ignore them.
More contacts are attempted, and maybe a low-level person says, "I'll check into it"...and then vanishes.

This goes on for some time before things are brought public.

Publicly pointing out the idiocy of a corporate policy is an absolute last step. The potential for dammage is recognized, but by that point, it really doesn't matter. The "nice and quiet" approach has been tried, failed, and produced NOTHING. What's the worst that can happen by bringing things public and nasty? Nothing! What's the best that can happen? Something better than nothing. This is only done after there is NOTHING LEFT TO LOSE!

Vendors like it when you are nice and ask quietly. They can easily ignore you, pretend you don't exist and conduct business as usual.

Meanwhile, the rest of the open source software world sits back, calls Theo a jerk, and benefits from the work he does, and says, "look how nice we are". Lazy bums.

Re:Theo (-1, Troll)

Bilestoad (60385) | more than 8 years ago | (#15531215)

Exactly - Theo the petulant child. People like him are exactly why I don't bother looking into open source further.

There is no reason to post this kind of inflammatory garbage to a public mailing list. There was nothing insulting from Hifn; by definition, Theo is not professional (doesn't get paid for what he does), but professionalism and common courtesy never hurts.

Re:Theo (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15531302)

Theo does earn a modest living from working on OpenBSD. The 'petulant child' is sat on boards and councils all around the world, just because they use polite formal language, it doesn't make them any less childish. Theo isn't really being childish, he's under no obligation to support this companies chips. Had it been me, I would have pulled Hifn drivers from the kernel tree instantly, permanently and with no further debate.

Re:Theo (0)

Anonymous Coward | more than 8 years ago | (#15531536)

He's not being childish - he's being extraordinarily rude. He could have summed up his position with:

Sorry, but we don't want to have to register on your site to get the documentation. If we can't get access without registration then we may have to drop our support for your chips,

Instead he chose to call the guy a liar, blah blah blah.

It's also fair to say that if Open BSD doesn't support these chips, both Open BSD and the chipmaker lose. It's not like Open BSD or Hifn is the only game in town.

Re:Theo (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15531349)

I have to disagree there. The chap may look like a fool to certain people,
but he is only further alienating people who are outside the project already.
There needs to be more of this kind of plain talk. I have great respect for
these types of character who speak straight and openly mock officious business
and legal nonsense. I have the greatest respect for the PirateBay practice
of posting the laughable legal notices they receive along with scathing
responses. We need more of this open hostility to bullshit.

You say that Hifn made no insult, but that is for Theo to infer not for you
to deduce. Perhaps he takes an authoratarian expectation to comply with arbitary
hoop jumping as an insult, I can see that too.

Your definition of professionalism is quite personal. For example, someone who
bases their choice of software on the personality of the coders rather than
the quality of the product could be taken as churlish and unprofessional too.

Re:Theo (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15531407)

Exactly - Theo the petulant child. People like him are exactly why I don't bother looking into open source further.

You do realize your behavior is equivalent? "I don't like the way one person who does open source acts, so I won't bother with any open source. I'll just take my marbles and go home!"

So long, open source won't miss ya!

Re:Theo (4, Interesting)

ScouseMouse (690083) | more than 8 years ago | (#15531422)

The fact that he *does* stick to his principles despite people telling him just how out dated and un-capitalist he is, is the reason i *do* use open source.

The problem is that Manufacturers seem to have the idea that they can dictate terms to the people who produce software to run on their hardware. Unfortunately, In the majority of cases, that appears to actually be the case.

The insulting thing in the original email was that he should be expected to comprimise his principles to support other people's profit, and as he is *not* being paid by Hifn, I personally see that it is well within his rights to not support the hardware in question.

Perhaps if you went up to some Civil rights protestor in the 1960's and said that this entire equality thing was a bit silly, and they should just accept these limitations, because its convenient for the asker, you may get a similar response.

Yes, i know this is a bit contrived, however, its worth noting that there are people who consider this sort of thing a matter of Civil rights. The right to be able to do whatever you want with the electronics in your computer, as opposed to what someone you have never met tells you.

Some people do consider this sort of thing a huge insult, and if putting it in plain language offends you enough that you dont use open source software, then i feel sorry for you. Your missing out on a lot of great software written by people who love what they do, however thats your choice.

Re:Theo (1)

gowen (141411) | more than 8 years ago | (#15531529)

One can stick to one's principles without being a whiny little shit about it.
Do you suppose Gandhi stooped to immoderate language like that?

The opinions that de Raadt expressed could have been expressed far more clearly and far more politely.
Being a tosser alienates people, and anyone who alienates people when there is no need to is basically a sociopath.

Re:Theo (0)

Anonymous Coward | more than 8 years ago | (#15531557)

"Whiny little shit"? "Tosser"? "Sociopath"? You are a hypocrite.

Re:Theo (2, Insightful)

Casualposter (572489) | more than 8 years ago | (#15531488)

And Microsoft's Ballmer throws chairs, so do you not use Microsoft products because a chief executive acts like a five year old throwing a temper tantrum because something didn't go his/her way?

Adults are children with breeding rights.

Re:Theo (0)

Anonymous Coward | more than 8 years ago | (#15531522)

Calling their products "crummy" and threatening them with driver deletion if they don't stop "baiting" you is not a way to get what you want.

why not? it works for microsoft.

Well, theres a surprise. (5, Insightful)

gowen (141411) | more than 8 years ago | (#15531132)

That's a typical OpenBSD discussion, in which Theo DeRaadt
i) is basically right
ii) still manages to sound like spoiled whiny tosser in the process.

Re:Well, theres a surprise. (3, Funny)

flumps (240328) | more than 8 years ago | (#15531165)

... but most of slashdot is like that isn't it? You should be used to it by now :)

Minu5 3, Troll) (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15531133)

the rain..we can be also dead, its Hapless *BSD knows that ever other m"embers in notwithstandi(ng, into a sling unless

Personal Info == Legal Tender (5, Interesting)

TripMaster Monkey (862126) | more than 8 years ago | (#15531148)



From Theo's response:
"50 personal questions" is not open access. Please don't lie about it.


Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source. This position may currently be confined to OSS in general and the HIFN question in particular, but it's not difficult to imagine this argument generalized to apply to any situation in which an entity requests personal information. Personal info needs to be treated as the valuable commodity that it is...kudos to Theo for taking a stand on this issue.

Theo also addreses something many of us here are worried about:
>Registration at our extranet is required along with an email address
>that can be confirmed. We cannot support anonymous FTP or http
>downloads. The reason for this is that we are required by the
>conditions of our US export licenses to know who and where our customers
>are. If anyone objects to registration then we could not sell them
>chips anyway so it does not seem an unreasonable restriction to us.

So the personal information you ask for in the registration process
will be given to the US government if they ask? Without court
documents demanding the information?


Even disregarding the 'personal info == currency' argument outlined above, this objection stands on its own. HIFN is basically stating that yes, the info gathered will be handed over to the U.S. government on request, to satisfy their licensing requirements. This alone is a deal-breaker.

Theo sums his entire argument up beautifully here:
We are not your customers. YOU ARE OUR CUSTOMER. Our driver sells
your chips.

I know that our hifn driver has some problems. But because I cannot
get data sheets without giving you private information, I will not
spend even one moment more of my time to improve support for your
products. Jason and I spent a lot of time writing that code in the
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products.


Well said, Theo. I for one don't care to support a company who engages in such practices, and I would rather see no support for a product than half-assed support, because the driver writers were not allowed full, unfettered access to the data sheets.

And finally from Theo's response:
And if you continue baiting me, I will delete the driver from our
source tree.

I stand by my statement that HIFN is not open.


Don't just say it, Theo, do it. If you stand by your statement, then HIFN has no place in the source tree, and should be deleted immediately.

Re:Personal Info == Legal Tender (1)

Tim C (15259) | more than 8 years ago | (#15531312)

I for one don't care to support a company who engages in such practices

Well, it would appear that a condition of obtaining an export licence for their products is that they be able to identify their customers. This condition was stipulated by the US government (or an agency thereof), so it would appear that Hifn had a choice: agree, or not export their products.

From what I've read so far at least, it would appear that you do not care to support a company that complies with the law and demands of its government? I'm not trolling, so please tell me what I'm missing.

Re:Personal Info == Legal Tender (2, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15531416)


Well, it would appear that a condition of obtaining an export licence for their products is that they be able to identify their customers.

This is entirely beside the point. The driver writers are not customers.

Documentation of a product is not restricted by export licenses pertaining to that product...only the product itself is restricted.

Re:Personal Info == Legal Tender (2, Insightful)

mytec (686565) | more than 8 years ago | (#15531457)

Theo isn't asking for a product. He is asking for documentation (data sheets). Further, as the email points out, he isn't looking for documentation regarding unreleased products, etc. but for documentation that was *freely* available eight years ago. Additionally he points out that other *crypto* companies provide information that is more available. What is unclear to me though is whether or not those companies he vaguely mentions are US companies.

Re:Personal Info == Legal Tender (1)

mrchaotica (681592) | more than 8 years ago | (#15531514)

What you're missing (aside from what the other replies have said) is that a third party's compliance with the law is not OpenBSD's problem. If compliance with US law and OpenBSD's polices are mutually exclusive, then Hifn is either simply screwed, or should move to another country. OpenBSD, however, should not be obligated to change policy.

Re:Personal Info == Legal Tender (1)

walt-sjc (145127) | more than 8 years ago | (#15531322)

Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...

I think you are taking it too far. It's much more simplistic than that.

Open means just that: Open. By using a closed registration-required access system, it's not open.

Given our current government's "anti-terrorism" activities which is turning the US into a police state, is VERY likely that companies will be required to devulge this registration information to the FBI for investigation (it may already be happening.) Hell, when even your library reading habits are under government scrutiny, is it a stretch to go there?

Re:Personal Info == Legal Tender (1)

TripMaster Monkey (862126) | more than 8 years ago | (#15531373)


I think you are taking it too far. It's much more simplistic than that.

I think you might be right...but I would still like to see this become a sounding-board for the issue of personal data as commodity. Codifying how personal data can be collected, how the data can bee stored and used, and especially how the owners will be compensated for the loss or misuse of said data, can only be beneficial, especially in this day and age.

Given our current government's "anti-terrorism" activities which is turning the US into a police state,

I think past-tense would have been more appropriate there...

is VERY likely that companies will be required to devulge this registration information to the FBI for investigation (it may already be happening.)

Not required....merely 'persuaded' (look to the phone companies for a good example).

Re:Personal Info == Legal Tender (1)

ObsessiveMathsFreak (773371) | more than 8 years ago | (#15531553)

Theo is essentially taking the position that personal information is tantamount to currency, and therefore, requesting personal info is tantamount to charging...hence, HIFN can no longer be considered Open Source.

Considering that marketers and their ilk pay handsomely for personal data, legitimately obtained or otherwise, it's safe to say that personal information isn't just tantamount to currency. It has a concrete monetary value. They are charging you, in a very real sense. You could seel your personal information for real cash, yet they want you to give it away in exchange for "something", then claim they are not charging you.

Baah! Just dump the driver I say. these chumps aren't worth the time.

Export regulations? (2, Insightful)

nonmaskable (452595) | more than 8 years ago | (#15531154)

I didn't see any useful discussion of the key point in Cohen's email:


Registration at our extranet is required along with an email address
that can be confirmed. We cannot support anonymous FTP or http
downloads. The reason for this is that we are required by the
conditions of our US export licenses to know who and where our customers
are. If anyone objects to registration then we could not sell them
chips anyway so it does not seem an unreasonable restriction to us.


With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.

Re:Export regulations? (2, Interesting)

tygerstripes (832644) | more than 8 years ago | (#15531199)

Please see previous post - I really don't see how this is supposed to be a violation of export licences! Export is sale overseas (please don't attack, pedants; I'm generalising). This is information which, according to HIFN, is "open" ie freely obtainable. We're not talking about the chips here, are we? Just the information about them.

I'll be the first to admit I may be missing something obvious, but would genuinely appreciate being told what it is. In affable tones, if it's not too much to ask.

Re:Export regulations? (3, Informative)

nonmaskable (452595) | more than 8 years ago | (#15531358)

I really don't see how this is supposed to be a violation of export licences

AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws. Cryptographic technology actually falls under an even more restrictive license class - munitions.

http://en.wikipedia.org/wiki/Export_of_cryptograph y [wikipedia.org]

Read the "Current Status" section. My point is that Hifn isn't "baiting" anyone. You might disagree with their lawyer or think it's your right to demand that Hifn fight "the man", but that's another issue.

Re:Export regulations? (3, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15531482)


AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws.

Please post links supporting this contention, or withdraw it.

Cryptographic technology actually falls under an even more restrictive license class - munitions.

Whle this is true, the source code can still be legally exported in written format, since it falls under Free Speech.

From this article [goingware.com] :

And interestingly, you can't ban the export of a book, because a book is a form of free speech, and free speech is protected by the first amendment to the United States Constitution. So when a new version of PGP becomes available in the United States, it's source code is simply published in book form and mailed overseas, where the source can be retrieved by scanning it and using inexpensive optical character recognition software to convert the printed pages back to machine-readable program text files.
Given that, as you stated, crypto falls under the even more restrictive license class of 'munitions', if you can export PGP source code without violating U.S. export restrictions, I'm betting you can export data sheets too.

My point is that the HIFN's explanation of their requirement for personal info to satisfy their U.S. export license is pure codswallop, your nonsensical comments about HIFN 'fighting the man' notwithstanding.

Maybe not? (1)

Frosty Piss (770223) | more than 8 years ago | (#15531394)

Maybe, but I think the disclosure of the source to someone "overseas" is the same thing to the government (IANAL, blah, blah, blah...). For example our friend PGP and its derivatives. All of the concepts and algorithms are pretty much freely available too, but there is that pesky requirement to "prove" you are in the US before download, right?

What do you think this is, dark ages redux? (0)

Anonymous Coward | more than 8 years ago | (#15531211)

There are no US export controls on computer hardware documentation. Any computing device can be used for crypto and even if the US reclassified the lot as munitions, you would still be permitted to explain how such a device would function.

Re:What do you think this is, dark ages redux? (1)

Bilestoad (60385) | more than 8 years ago | (#15531231)

Typical uninformed hand-waving from an AC. Yes, there are controls on certain computer hardware documentation.

Re:What do you think this is, dark ages redux? (1)

TripMaster Monkey (862126) | more than 8 years ago | (#15531258)


Please provide links supporting this contention.

Would that not be... (4, Interesting)

Phil John (576633) | more than 8 years ago | (#15531269)

Would that not be on documentation that explained exactly how the chip worked and not just how to send and receive bits from it?

If this is the case with HIFN, why do some other hardare companies in the same field not have the same restrictions?

There was a good comment made later in the thread:

Perhaps you can talk to your legal counsel and actually break out the documentation needed for these open source drivers into a separate and truly open to the "general public" anonymous download site. I doubt that the documentation that is being requested by developers is putting you in violation of US Export Regulations
....snip....
I understand it's very easy these days for attorneys to just say put everything behind your registration only access extranet to be safe. This is not acceptable and, in my opinion, is not open to the general public like you stated.

That sums up my thoughts much more succinctly.

Re:What do you think this is, dark ages redux? (1)

Qzukk (229616) | more than 8 years ago | (#15531477)

Can you point to the law that created these controls? PGP was published as a book for the purpose of export (see here, search for "State Department seems to think that books are exportable, while software is not" [toad.com] ). There was no such rule at the time (at one time, Zimmerman was claimed to have uploaded pgp to a foreign mirror, but at no time was this book called into question), and as far as I know, since then encryption controls have become only more lax at the complaints of companies unable to compete with foreign companies who had no such restrictions.

Re:Export regulations? (2, Interesting)

Adam Hazzlebank (970369) | more than 8 years ago | (#15531214)

With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD.

It does raise an interesting point, should you effectively boycott a company because of the restrictions the government puts on it?

Re:Export regulations? (2, Insightful)

giorgiofr (887762) | more than 8 years ago | (#15531261)

OF COURSE we should. That's the best way to show the gov't we don't like market regulation in any shape or form. When the big industries take their ball, go play somewhere else with sensible laws and the economy suffers utter and complete collapse, maybe they'll get the message.

Re:Export regulations? (1)

Luscious868 (679143) | more than 8 years ago | (#15531391)

If you think the answer is to that question is yes then stop using Google.

Re:Export regulations? (1)

mrchaotica (681592) | more than 8 years ago | (#15531547)

And don't use Yahoo or MSN either, right? So then the question becomes, "what search engine should we use?"

Re:Export regulations? (5, Informative)

Toy G (533867) | more than 8 years ago | (#15531280)

Documentation on how to interface with the hardware chip is NOT covered by export regulations. Only the actual chip, and its design specifications in regard to implemented algorithms, are covered.
Hence, the docs that OpenBSD folks need (and had access to, until a few years ago) are NOT covered.

The choice is between "giving back access to documentation to allow developers to work with your hardware" or "keep track of developers for marketing purposes".
Export regulations enter the picture only if you don't know them.

Re:Export regulations? (1)

tokul (682258) | more than 8 years ago | (#15531345)

"If guns are outlawed, only outlaws will have guns."

If you know that your country is restricted by US export regulations, what would you say when US company asks to provide personal information. Yes, I live in US. Ship your product to Havana, please.

How does this sort of exaggerated response help? (4, Insightful)

rsidd (6328) | more than 8 years ago | (#15531205)

Theo repeatedly claims that the site wants "approximately 50 personal questions". I looked, and there are only 11 questions with required answers, of which I can only construe two (office phone number, and office address) as invasive of Theo's privacy. (I assume everyone knows Theo's name and email address, from the mailing lists.)

If he objects to providing that information, he can say so, but this sort of easily-refuted hyperbole doesn't help.

Re:How does this sort of exaggerated response help (1)

thethibs (882667) | more than 8 years ago | (#15531306)

The sensitive information is not Theo's address or phone number. It is the fact that Theo, or you, or I, downloaded the data sheet for a crypto device. In the recent past, and possibly again under a future government, that in and of itslf could be considered suspicious behavior.

For an off-the-wall point of view, consider that crypto is still officially "munitions"--arms. Maintaining a registry of citizens in possession of such arms is arguably a violation of the Second Amendment.

Re:How does this sort of exaggerated response help (1)

arose (644256) | more than 8 years ago | (#15531375)

I can see it possibly beeing sensitive information about you or I, but Theo is known to develop OpenBSD...

Re:How does this sort of exaggerated response help (1)

kjs3 (601225) | more than 8 years ago | (#15531503)

Download a data sheet for a crypto device: suspicious behavior. Write a device driver for a crypto device: somehow not suspicious?

Sorry...that doesn't work.

Oh for pity's sake... (5, Informative)

tygerstripes (832644) | more than 8 years ago | (#15531252)

Due to lazy moderation and posting, there now appears to be no point in posting anything as a reply, so I'll ask again what I think is a pertinent question as a main post:

How would this violate US Export Licences???

Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???

This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here.

Re:Oh for pity's sake... (3, Interesting)

TripMaster Monkey (862126) | more than 8 years ago | (#15531305)


How would this violate U.S. Export Licenses

It wouldn't. Exporting documentation...even source code...is protected as Free Speech, provided the export is in book format.

From this article [goingware.com] :

And interestingly, you can't ban the export of a book, because a book is a form of free speech, and free speech is protected by the first amendment to the United States Constitution. So when a new version of PGP becomes available in the United States, it's source code is simply published in book form and mailed overseas, where the source can be retrieved by scanning it and using inexpensive optical character recognition software to convert the printed pages back to machine-readable program text files.

If you can export PGP source code without violating U.S. export restrictions, I'm betting you can export data sheets too. Therefore, HIFN's argument is invalid.

Re:Oh for pity's sake... (1)

91degrees (207121) | more than 8 years ago | (#15531309)

How would this violate US Export Licences

A valid question, but I suspect the company is being a little more careful, and asking if they can be absolutely sure that it doesn't violate US Export licences.

Actually, I think the restriction only applies to code in computer readable formats (i.e. source code and executable binaries). Not documentation, so it seems they're playing extremely safely here.

MOD UP (1)

PetriBORG (518266) | more than 8 years ago | (#15531397)

Thats exactly it man, the export requirements of the US gov don't require documentation on the hardware to be protected. I don't think you're missing anything, Theo is right, you shouldn't have to click on some agreement and fill out crap to download documentation. Even if 11 fields only required, those fields are for ton of info... Full name(2), company, title, phone, full address (5), and relationship... I don't give that info out to anyone unless I absolutely have to for payment.

Re:Oh for pity's sake... (0)

Anonymous Coward | more than 8 years ago | (#15531470)

How would this violate US Export Licences??? From http://frwebgate.access.gpo.gov/cgi-bin/get-cfr.cg i?TITLE=22&PART=121&SECTION=1&YEAR=1999&TYPE=TEXT [gpo.gov]

Military cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems, including equipment and software for tracking, telemetry and control (TT&C) encryption and decryption.
Since the docs (of course) contain code samples in electronic format under US Govt regs the whole electronic doc is now considered verboten. So Hifn is complying with US Govt. regs without having the balls to say so. Fuck'em, someone will come out with something better soon enough.

real data (1)

asdomar (933346) | more than 8 years ago | (#15531268)

theo is right in theory, and I support him.

anyway who uses real data on those annoying forms? use bugmenot.

Abusive much? (4, Insightful)

thePowerOfGrayskull (905905) | more than 8 years ago | (#15531274)

While I whole-heartedly agree with the point Theo was making in his article, I can't help but think that engaging in hyperbole (50 questions? ~25 is accurate) and verbally abusing and threatening the vendor is going to help in any way.

Re:Abusive much? (1)

thePowerOfGrayskull (905905) | more than 8 years ago | (#15531288)

Before anyone else takes glee in pointing out the obvious, I meant "his message" and not "his article".

Re:Abusive much? (1)

mike_the_kid (58164) | more than 8 years ago | (#15531421)

Well, it certainly generates publicity for OpenBSD. If Theo always replied with political, non-inflammatory statements to everything, it would be a different product. But I doubt it would be as talked about.

Figure either way, hifn was not going to open the docs and thus not be supported. At least this way they got a bit of attention on Slashdot, a little more mindshare, etc.

Sort of, "I don't care what people say about me behind my back, as long as they're talking about me."

Whats the point of export restrictions anyway? (1)

fmoliveira (979051) | more than 8 years ago | (#15531284)

Everybody know its already very easy to have good encryption outside the US. And how did they expect information to be available to their entire population and not leak outside their borders?

Re:Whats the point of export restrictions anyway? (1)

kfg (145172) | more than 8 years ago | (#15531504)

They encrypted it.

KFG

Stand by your principles (1)

ABoerma (941672) | more than 8 years ago | (#15531291)

Well, I can't say I disagree with Theo. The 'Open' in OpenBSD loses its meaning if you use such non-free documentation. And it's not as if the OpenBSD team has any obligation to include Hifn drivers.

Give it a rest, Theo. (3, Insightful)

Ritchie70 (860516) | more than 8 years ago | (#15531292)

OK, great. This info was freely available on their web site 8 years ago. So?

You know what, if you'd wanted this 15 years ago, you would have phoned them up, given them the EXACT SAME INFO THEY'RE ASKING FOR on their web site, and they would have mailed it to you.

And a sales-person might have called to see if you wanted to buy some chips.

Theo's "50 questions" is email, name, company name, title, address, phone number, and "what is your project? What is your role? When do you want to buy some chips?" How about a little reality here. Theo does some great stuff, but that doesn't mean he gets to bend how the world works to his will.

Just like the "I don't get any donations" rant from him a bit ago, he just doesn't seem to be well grounded in business realities. If you want donations, you need a tax-exempt foundation, not "make checks out to Theo." If you want data sheets, you might have to tell the company who you are and why you want them.

Re:Give it a rest, Theo. (0)

Anonymous Coward | more than 8 years ago | (#15531419)

If you want donations, you need a tax-exempt foundation, not "make checks out to Theo."

Creating a US-based tax-exempt foundation specifically to export money to Canada is almost impossible. Lack of such foundation hasn't stopped any of the people and companies listed on http://www.openbsd.org/donations.html [openbsd.org]

Re:Give it a rest, Theo. (1)

Sigma 7 (266129) | more than 8 years ago | (#15531480)

OK, great. This info was freely available on their web site 8 years ago.


A moot point, since developers are *NOT* guarenteed to remain on the project for 8 years.

If the docs are not available, then only the developers who managed to obtain the docs legally can consider working on that portion of the code. No new developers means that support will drop sooner or later - might as well drop it right away rather than wait for it to enter disrepair.

You know what, if you'd wanted this 15 years ago, you would have phoned them up, given them the EXACT SAME INFO THEY'RE ASKING FOR on their web site, and they would have mailed it to you.


A lot can happen in 15 years - specs change, newer designs come out, etc.

Re:Give it a rest, Theo. (0)

Anonymous Coward | more than 8 years ago | (#15531519)

what a load of toss. the only reason they ask any questions other than name and email address is data mining. if you believe otherwise your a fool.

Whinge whinge whinge.. (3, Informative)

mcbridematt (544099) | more than 8 years ago | (#15531294)

"Jason and I spent a lot of time writing that code in the
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products."


Sales?

Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.

If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.

Re:Whinge whinge whinge.. (3, Insightful)

91degrees (207121) | more than 8 years ago | (#15531374)

Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.

I wouldn't be surprised if a lot of their customers were BSD users. It's quite a common OS in the sort of application this chip is designed for.

If you don't believe me, we'll, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.

PowerVR released a linux driver for the Kyro 2. The only people who would have had any interest in that were the geeks playing TuxRacer.

What makes you think the Linux geek market is so small? A lot of Linux nerds are early adopters, and are quite likely to choose one high end graphics card over another simply because it will run on their Linux partition. Half a million slashdot readers may not be the bulk of their market, but it's probably worth something.

Re:Whinge whinge whinge.. (1)

tomstdenis (446163) | more than 8 years ago | (#15531386)

People buying crypto accelerators tend not to be the same "Best Buy Shopping ooh wow 3 GigaHurts" type of people.

If you're doing hardware crypto you're going custom and using BSD wouldn't be a far stretch.

Tom

registration is better than no registration (2, Insightful)

m874t232 (973431) | more than 8 years ago | (#15531326)

When companies impose weird intellectual property restrictions on their data sheets, then I'm all for making the process of getting the data sheets as cumbersome as possible--that way, FOSS developers will at least become aware that there is something funny going on.

Some other vendors hide a restrictive license ("if you look at this, we own stuff you do with it") somewhere in the documentation or behind a "Read This License" link, but people who look at the documentation never notice.

Theo is right (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15531329)

OpenBSD could really care less about Hifn in the long run. Someone stated that Theo thinks his personal information is like currency. It is. The US government would love nothing more than to learn who uses crypto devices and they have no right to that information. Thankfully, OpenBSD is based in Canada and not in the US. The US has long been opposed to crypto among the masses but cannot really do anything about it. This president is doing his damndest to crack down on anyone and anything that even remotely smacks of anti-US sentiment, policy, etc.

OpenBSD should delete the driver and move on. It would not take that much capital to devise you own crypto chip sets, write the drivers and then have the Chinese or Koreans build them for you. OpenBSD could sell the chips and the drivers and fund itself in the process.

Go OpenBSD!

Theo is the man (2)

brennz (715237) | more than 8 years ago | (#15531333)

I like Theo. The more of his statements I read, the more I appreciate his no compromise, take no prisoners approach.

50 personal questions sounds way beyond overkill. I've downloaded plenty of export controlled software, with merely a few questions.

My guess is, Hifn like many other companies, gives everything to their sales folks, or worse, resells it. Can you blame Theo for taking offense, when they want 50 personal questions answered?

BTW, is this the signup? http://extranet.hifn.com/home/anonymous/?workflow= signupapp [hifn.com] or just part of it? That part about the NDA bothers me.....

The a game of trust (0)

Anonymous Coward | more than 8 years ago | (#15531352)

Theo de Raadt said:
8 years ago all the above data sheets were fully available for download without any registration. Then about 5 years ago hifn closed up completely, and documentation was totally unavailable. About 2 years ago hifn went to this new model of "answer 50 personal questions".

"50 personal questions" is not open access. Please don't lie about it.

Other crypto chip vendors make their data much more easily available.
WWBSD (What would Bruce Schneier do)? There's the answer.

Re:The a game of trust (1)

wolfponddelta (922904) | more than 8 years ago | (#15531449)

No, it's WWBBD. Brian Boitano. Now everybody sing along!

"50 personal questions"? (2, Interesting)

hotspotbloc (767418) | more than 8 years ago | (#15531367)

Does anyone know what they were besides what's on the first sign up page?

Theo's behavior doesn't help the cause... (0)

Anonymous Coward | more than 8 years ago | (#15531379)

It's one thing to have a legitimate gripe. It's another to turn that gripe into useful action to get what you want/need. While Theo's behavior might be amusing to fellow BOFH-types (like me), it is only going to further maginalize OpenBSD and has no chance of success. Insulting the person with the ability to give you what you want, and then stamping your feet about how much "sales" he'll lose by not complying seems more like something I'd see in a middle school locker room than a boardroom. A shame....

Someone has to take a stand... (2)

Jerom (96338) | more than 8 years ago | (#15531385)

... and lately the only OS focussing on fais seems to be openBSD. Thanks for fighting for OUR long term freedom again Theo.(Also a thank you to RMS). The one PC I have left at home runs OpenBSD and i BUY every new release.

Kudos to Theo and the openBSD team

J.

Data-Mining made easy (1)

Tsu Dho Nimh (663417) | more than 8 years ago | (#15531402)

This is so the sales department can have an easy time pushing product. I'll bet anyone who signs up gets a call from the Hifn sales-droids within a week after they download the datasheet, if not before they grant access.

There is another option... (0)

Anonymous Coward | more than 8 years ago | (#15531413)

Someone downloads the data sheets using a foreign address or bogus US address and a mailinator.com email address and then shares the data sheets with the people that need them for the development. This can be done every few months and then a diff done on the data sheets to make sure everyone has the latest information.

Re:There is another option... (1)

someone1234 (830754) | more than 8 years ago | (#15531549)

Why the fuss, there should be a similar chipset without all this bother.

RTFM and Fix the Hifn support? (0)

Anonymous Coward | more than 8 years ago | (#15531424)

I recently bought a Soekris 4801 system and a VPN1411 mini-PCI crypto card for VPN acceleration, stuck OpenBSD 3.9 on it and was disappointed to find that it was buggy as heck. I could only transfer about 90 megabytes via an IPSEC ESP tunnel before the card locked up and I had to reboot the system to get it to work again.

It wasn't just the one board either since I tried 4 different ones with 4 different Soekris 4801 boards as well and they all lock up under OpenBSD 3.9. I've seen this has been a problem in the past and I would've thought they would correct it now. I guess I should try FreeBSD instead and see if it has similar problems with this crypto card (which is based on a Hifn chipset by the way).

At least now we know.. (0)

Anonymous Coward | more than 8 years ago | (#15531459)

what the theme of the 4.0 release song will be. :)

The Government doesn't know Theo? C'mon! (1)

surfinbox (602851) | more than 8 years ago | (#15531467)

Realistically, isn't it a bit naive that the government doesn't have the ability to gather these fields of data on Theo from any other means, including a phone book?
The info == currency nonsense breaks down when you look at the personal information being collected.
Signing the NDA is another matter and has covenants that restrict use/distribution, which I would think is the meat of a sound objection to HIFN's practices on this matter.

Sign up (2, Insightful)

webmistressrachel (903577) | more than 8 years ago | (#15531472)

It seems from the general tone of comments that nobody has actually signed and looked at this site. First, an earlier poster was correct in saying that there are much fewer questions than 50; and your email is verified (no different from many other companies and sites).

I have signed up, the confirmation arrived within seconds and on the welcome is a message it may take several hours for a sysadmin to allow access - but no, I'm downloading PDF's straight away so it must be automated.

It's just marketing; but Theo is right about that not being completely free, as in free speech.

The article mentions "liberalisation", it seems that they're leaning to the left, but they're not actually left in their ideas and business model. Dump the driver.

How I read the "conversation." (0)

Anonymous Coward | more than 8 years ago | (#15531486)

I don't know more about Theo or the company's man, Mr. Cohen than I've read in previous msgs, but I have been following the world like a mosquito hunting an elephant. That said, I think Theo hinted at "private truth" when he wrote "You tried to **pacify** me in private mail," and "... if you continue **baiting** me, I will delete the driver from our source tree."

I believe "nonmaskable's comment above, "With a choice between "make Theo happy" and "violate export regulations" it doesn't seem like Hifn is exactly trying to "bait" Theo or OpenBSD," is very well made.

Because one person imagines himself (or another) to work for $ and another imagines himself/claims to work for a greater good, doesn't alter the fact that both are devoting their time, energy, and natural gifts in ways that, given a slightly enlarged world view may move rather quickly from discord to harmony. Many folks working with computers are *in a hurry.* They imagine there is something more important than the quaint ways of patience, common courtesy, and a wish to build a harmonious (boring?) community. I can appreciate the fact that Theo perceives (and, in fact, may be correct) that Mr. Cohen/Hifn are "playing" with him and the Open Source community, but consider a later reply on the list made here
                  http://marc.theaimsgroup.com/?l=openbsd-misc&m=115 022926623419&w=2 [theaimsgroup.com]

It reads much more reasonably to me, yet, I think it encourages a similar result. I don't know what the "real" problem is, but I imagine that the more suppliers for hardware that is openbsd compatible [i.e., full and easy doc access] the better for the average openbsd user,... except, there's more "work" for folks like Theo,... and maybe that's what's going on here. Perhaps, he's looking for a single supplier that will appreciate his point of view and do his bidding without questioning his authority. If that's the case, I can't blame him,... it would be nice,... but the future is so hard to predict,... well, at least for me it is.

Best regards and hopes that harmony will evolve with a small reduction of publicized angst,
Gerry

ps - thanks for the space

HUGE problem with Open Source projects (0)

Anonymous Coward | more than 8 years ago | (#15531524)

Is there anyone in their right mind who believes that Theo ranting at this guy, calling him names, calling the company's products crummy, and making threats is going to improve the situation? C'mon. This works about as often as construction workers whistling at female passersby.

Like a lot of us, Theo is great at what he does and awful, absolutely awful, at personal interactions with others. In any sort of professionally structured organization, Theo would be let loose on the technical problems - but kept miles away from any kind of PR situation where his outbursts can only do damage.

But guys like Theo are our public face. What's wrong with that picture?

If only Linux People would do this! (1)

putko (753330) | more than 8 years ago | (#15531552)

It would be great if the Linux crowd would do stuff like this too.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...