"People who had problems with unsupported Atheros devices (single chip variants found in recent laptops, macbooks, etc.) should get the latest code from CVS and test it..." OpenBSD Reyk Floeter announced regarding recent improvements to his reverse engineered HAL adding support for 11b mode. He noted that the new code wasn't without fault yet, adding, "hacked and tested in the Melbourne Museum during the AUUG 2007..." Reyk explained the changes in his commit message:

"The newer single chip Atheros wireless chipsets like the AR5424, AR2423 etc. are mostly compatible to the AR5212 but use a different algorithm to set the 2GHz RF channel, that's why they didn't work in OpenBSD. I figured out that the channels were set with an offset, setting channel 11 in the driver caused the hardware to set channel 5 etc. Because I didn't figure out the pattern to fix the algoritm yet, I fixed it in a workaroundish way by defining a small 'table' with offsets for the 11b channels to get the right results. For example, if we want to set channel 11 (2462MHz), we add an offset of -30MHz, and feed the result (2432MHz ^= channel 5) into the unmodified AR5212/AR5112 RF setup function.

"Long description for a commit message, but it needed some time to figure it out. It is still not perfect, needs some more work, and it doesn't work in all cases; but it allows to use newer chipsets in 11b mode restricted to 1 or to 2Mbit/s. 11a mode seems to work without problems so far."

The OpenBSD project maintains a six month release cycle, with the upcoming 4.2 release officially scheduled for November 1'st. Each release includes a song relevant to current issues faced by the project. For this release the song is titled "100001 1010101", about which OpenBSD creator Theo de Raadt notes, "it is designed to sound like a mid-era Rush song, ie. something from Grace Under Pressure or such. And there's a few easter eggs hidden in the song as well. It also explains the inside sleeve image..." The referenced image shows a marathon between some of the different operating system mascots, running a a race through often hostile looking surroundings, fraught with distractions. Toward the bottom is an obvious reference to the recent issue of relicensing BSD code under the GPL, in which Puffy, the OpenBSD mascot, shows a map to Tux, the Linux mascot, and the latter takes off with it. The OpenBSD lyrics page explains that BSD code is shared with all, even non-open-sourced projects who respect the license and frequently return code, "we fully admit that some BSD licensed software has been taken and used by many commercial entities, but contributions come back more often than people seem to know, and when they do, they're always still properly attributed to the original authors, and given back in the same spirit that they were given in the first place." Theo noted, "that's the best we can expect from companies," going on to add, "but we can expect more from projects who talk about sharing -- such as the various Linux projects." He explained:

"Now rather than seeing us as friends who can cooperatively improve all codebases, we are seen as foes who oppose the GPL. The participants of "the race" are being manipulated by the FSF and their legal arm, the SFLC, for the FSF's aims, rather than the goal of getting good source into Linux (and all other code bases). We don't want this to come off as some conspiracy theory, but we simply urge those developers caution -- they should ensure that the path they are being shown by those who have positioned themselves as leaders is still true. Run for yourself, not for their agenda.

"The Race is there to be run, for ourselves, not for others. We do what we do to run our own race, and finish it the best we can. We don't rush off at every distraction, or worry how this will affect our image. We are here to have fun doing right."

A thread on the OpenBSD-misc mailing list compared the security of SELinux in the 2.6 Linux kernel to what's available in OpenBSD. The general opinion was that SELinux and its policy language are too complex, leading Damien Miller to note, "every medium to large Linux deployment that I am aware off has switched SELinux off. Once you stray from the default configurations that the system distributors ship with, the default policies no longer work and things start to break." Ted Unangst summarized, "the problem with security by policy is that the policy is always wrong."

Darrin Chandler suggested, "security should not be grafted on, it should be integrated into the main development process. I'm sure the patch maintainers are doing their best, but this doesn't change the fundamental flaw in the process. It's not a flaw of their making, it's inherent in the situation. But it's still a flaw." It was pointed out again that SELinux is part of the 2.6 kernel via LSM, to which Jason Dixon noted, "SELinux is a button. Buttons are easy to turn off. Darrin went on to say, "compare that to a complete operating system (OpenBSD) where security is part of code quality, and part of the normal mainline development." The security features in OpenBSD that were then discussed included propolice stack protection, random library mappings, proactive privilege separation, W^X, and systrace.

"We, the MadWifi team, announce our decision to move away from the binary-only HAL and change the focus of our future development towards ath5k, a completely free (as in freedom) driver which will eventually become an integral part of the Linux kernel," Michael Renzmann posted to the MadWifi development mailing list. The decision comes during continued debate surrounding what is and what is not allowed by the BSD license, and with no official statement yet from the SFLC. Much of the debate was due to an attempt to release BSD licensed files under the GPL, visible for example in the ath5k_hw.c source file which is still labeled as available "under the terms of the GNU General Public License" in the latest version of the file checked into the source repository linked from the MadWifi project page. It appears that actual development of the ath5k driver has been moved to Linville's git tree, where the license is now purely BSD, though debate remains as to what's required to be able to add additional copyrights to source code as have been added to the reverse engineered HAL code originally written by Reyk Floeter. In an earlier confrontation with Atheros, the work done by Reyk was determined to be free of copyright infringement:

"A driver for Atheros wireless cards is available in OpenBSD that talks directly to the hardware, based on reverse engineering efforts done by Reyk Floeter. Relevant parts of the driver have been ported to Linux by Nick Kossifidis to start OpenHAL, a free (as in freedom) replacement of the proprietary HAL. Claims that the OpenBSD driver (and thus also OpenHAL) contains stolen code slowed down the OpenHAL efforts but finally could be voided. The Software Freedom Law Center (SFLC), with the help of Atheros, performed a thorough code review and concluded "that OpenHAL does not infringe copyrights held by Atheros". In other words, the way is clear now for the inclusion of an OpenHAL-based driver into the Linux kernel."

"What is going on whenever someone changes code is that they make a 'derivative work'," began Theodore Ts'o. "Whether or not you can even make a derivative work, and under what terms the derivative work can be licensed, is strictly up to the license of the original. For example, the BSD license says: 'redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met....' Note the 'with or without modification'. This is what allows people to change BSD licensed code and redistribute said changes." Regarding code that is GPL'd, he added, "it is not a relicencing, per se, since the original version of the file is still available under the original copyright; it is only the derived work which is under the more restrictive copyright."

Disagreement continued as to whether or not the BSD license allows the addition of new copyrights on unmodified or minimally modified code. Another disagreement was over the continued existence of improperly licensed files in developer source code repository histories from when BSD licensed files had been changed to the GPL, a problem since fixed. Jeff Garzik explained:

"In a purely open development environment, even personal developer trees are made public. That's the way we _want_ development to occur. Out in public, with a full audit trail. Your implied ideal scenario is tantamount to guaranteeing that mistakes are never committed to a public repository anywhere. Mistakes will happen. Even legal mistakes. In public.

"What you are seeing is an example of mistakes that were caught in review, and corrected. That's how any scalable review process works... the developer reviews his own work. the team reviews the developer's work. the maintainer reviews the team's work. the next maintainer reviews. and so on, to the top."

As the Atheros driver issue continues to simmer on the OpenBSD -misc mailing list and the Linux Kernel mailing list, with debate continuing over when the license of source code can be altered or added to, Eben Moglen made a statement for the Software Freedom Law Center. He began by defending their own actions, "it might be useful to recall the first stage of this process, when OpenBSD developers were accused of misappropriating Atheros code, and SFLC investigated and proved that no such misappropriation had occurred? Wild accusations about our motives are even more silly than they are false." He went on to acknowledge, "we understand that attribution issues are critically important to free software developers; we are accustomed to the strong feelings that are involved in such situations. In the fifteen years I have spent giving free legal help to developers throughout the community, attribution disputes have been, always, the most emotionally charged." He added that the SFLC would be making no further statements until their work on this matter was complete, noting:

"Also, and again for the last time, let me state that SFLC's instructions from its clients are to establish all the facts concerning the development of the current relevant code (which means the painstaking reconstruction of several independent and overlapping lines of development, including forensic reconstruction through line-by-line code reviews where version control system information is not available), as well as to resolve all outstanding legal issues, and to make policy recommendations, if possible, that would result in all projects, under both GPL and ISC, having full access to all code on their preferred terms, on an *ongoing* basis, with full respect for everyone's legal rights. We continue to believe those policy goals are achievable in this situation. The required work has been made more arduous because some people have chosen not to cooperate in good faith. But we will complete the work as soon as we can, and we will, as Mr Garvik says, follow the community's practice of complete publication, so everyone can see all the evidence."

"Reyk and I have decided to show something from the private handling of this Atheros copyright violation issue," OpenBSD creator Theo de Raadt began in a posting to the OpenBSD -misc mailing list referring to the recent relicensing of OpenBSD's BSD licensed Atheros driver under the GPL. He noted, "it has been like pulling teeth since (most) Linux wireless guys and the SFLC do not wish to admit fault. I think that the Linux wireless guys should really think hard about this problem, how they look, and the legal risks they place upon the future of their source code bodies." He stressed that the theory that BSD code can simply be relicensed to the GPL without making significant changes to the code is false, adding, "in their zeal to get the code under their own license, some of these Linux wireless developers have broken copyright law repeatedly. But to even get to the point where they broke copyright law, they had to bypass a whole series of ethical considerations too." Theo went on to explain:

"I believe these people have received bogus advice from Eben Moglen regarding how copyright law actually works in a global setting. Perhaps the internationally based developers should rethink their approach of taking advice from a US-based lawyer who apparently knows nothing about the Berne Convention. Furthermore, those developers are getting advice freely from ex-FSF people who have formed an agency with an agenda. Some have suggested that the SFLC was formed to avoid smearing the FSF with dirt whenever the SFLC does something risky. Don't get trampled; there could be penalties besides looking unethical and guilty. Be really cautious, especially with things like this coming to mess with our communities."

Author of OpenBSD's hardware driver layer for wireless Atheros devices, Reyk Floeter, sent a query to the Linux Kernel mailing list regarding the recent licensing debate surrounding the Linux "ath5k" driver, "I'm still trying to get an idea about the facts and the latest state of the incidence that violated the copyright of my code, because I just returned from vacation." He continued:

"I'm very disappointed about this and I hope that it was a mistake, because it is very unfair and malicious against me and the OpenBSD community. I invested a lot of time to write the code and to make it work with as many chipsets as possible. And during the last years, the OpenBSD community helped to test and to improve the driver. I always liked the idea to port it to other operating systems, but now somebody harmed these efforts by violating the license."

Reyk explained that he has cooperated with developers porting his free Atheros driver from OpenBSD to other operating systems, "because it is a clear sign against hardware companies attacking the free software 'community' by releasing binary-only driver objects instead of free code or hardware documentation." He explained that he had worked with the developers who ported his driver to Linux as "OpenHAL", "we exchanged ideas, bug fixes, and small code snippets. They sent me some bug reports and I also looked at their changes and reported some functional problems. This was possible because they kept the license in place." Finally he expressed concern that this would no longer be possible if the license was changed, "somebody wants to cancel any options to cooperate by locking me out with a prepended GPL and an invalid copyright on top of it."

During the continuing debates regarding the legality and fairness of re-licensing BSD licensed code, it was asked why the BSD license couldn't be extracted from Windows applications known to include BSD licensed code. OpenBSD creator Theo de Raadt explained, "what you ran strings on is not 'source code'. It was the binary," pointing to the first clause of the BSD license used by the code in question which says, "redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer." He then quoted the second clause of the BSD license, "redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution," and added, "if you take your Microsoft documentation, and dig really deep, you will find the whole notice copied into it there. Go ahead, you'll find it."

Theo continued, explaining that earlier versions of the BSD license used in OpenBSD and other BSD projects still had the advertising clause which required all advertising materials for products using their code to include a notice stating, "this product includes software developed by the University of California, Berkeley and its contributors." He added, "and.. once again, older copies of Windows DID follow that rule, too, just like Sun and everyone else," noting that one exception was AT&T and the Unix System Laboratories, "who included modified BSD manuals in their Unixware commercial distributions, and that mistake resulted in USL losing the USL v BSDI & University of California lawsuit. (I have simplified the situation, s/losing/settling at a serious loss/)."

OpenBSD project creator Theo de Raadt detailed his concerns regarding BSD-licensed code and Dual-BSD/GPL-licensed code being re-licensed under only the GPL as previously discussed here, "honestly, I was greatly troubled by the situation, because even people like Alan Cox were giving other Linux developers advice to ... break the law. And furthermore, there are even greater potential risks for how the various communities interact." He went on to add:

"It may seem that the licenses let one _distribute_ it under either license, but this interpretation of the license is false -- it is still illegal to break up, cut up, or modify someone else's legal document, and, it cannot be replaced by another license because it may not be removed. Hence, a dual licensed file always remains dual licensed, every time it is distributed."

Theo then talked about cases where a significant amount of code is added or changed, "if you add 'large pieces of originality' to the code which are valid for copyright protection on their own, you may choose to put a different and separate (must be non-conflicting...) license at the top of the file above the existing license." He then suggested, "if you wish for everyone to remain friends, you should give code back. That means (at some ethical or friendliness level) you probably do not want to put a GPL at the top of a BSD or ISC file, because you would be telling the people who wrote the BSD or ISC file, 'thanks for what you wrote, but this is a one-way street, you give us code, and we take it, we give you you nothing back.'"

In a recent series of patches posted to the Linux Kernel mailing list, it was proposed that some imported Atheros wireless device drivers be re-licensed, some from a dual-BSD/GPL license, others from a modified BSD license, all to a pure GPLv2 license. Christoph Hellwig asked, "is this really a good idea? Most of the reverse-engineering was done by the OpenBSD folks, and it would certainly be helpful to work together with them on new hardware revisions, etc.." Luis Rodriguez suggested that there was no choice, "technically the best we can do is to leave the license as dual licensed, but keep in that technically that means nothing and is just for show, the GPL is what would apply as its derivative work and is the most restrictive license."

The patch series was also discussed on OpenBSD's -misc mailing list where it was asked, "is Reyk [Floeter] and others working on this drivers code dual licensed (from the diff it doesn't seem like it is, since I see a BSD 3 Clause)? Also say I submit a patch for this driver, does that mean this will have to be dual licensed also or can I choose if it is BSD 3 Clause or GPLv2?" Theo de Raadt replied pointing out that there are two parts to the driver, one part written by Reyk Floeter, and another part written by Sam Leffler, "Reyk's code is *NOT* dual-licensed under the GPL. He has explicitly stated that his code is not dual-licenced. The file have no GPL on them. He's the author, he said so. None else can add a GPL to it." He went on to note that the files written by Sam Leffler are dual licensed with the clause, "alternatively, this software may be distributed under the terms of the GNU General Public License ("GPL") version 2 as published by the Free Software Foundation," stressing that 'alternatively' means 'or', "that means that if anyone makes changes to that file and distributes it, after their changes are in the file then EITHER license will apply."

OpenBSD creator Theo de Raadt highlighted a recent commit to the NetBSD source tree saying, "if anyone had any doubt that our insistence on freedom was important, just read this." The referenced commit message describes an effort to work around issues with a blob that is included with NetBSD, something strongly avoided by the OpenBSD project. The commit message states:

"The Atheros HAL on MIPS uses %s7 as a general purpose register, but the rest of the kernel uses it to store the value of curlwp. Sam won't recompile the HAL for us (fair enough), and we can't modify the HAL to use another register because doing so could put us in breach of the license (v. crappy). So, do a save/set/restore on %s7 in KernIntr() and in the stubs that the HAL uses to call back into the kernel.

"Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files."

Bob Beck announced the creation of the OpenBSD Foundation with three directors including himself, Kjell Wooding, and Ken Westerback. "The OpenBSD Foundation is pleased to announce today it has completed its organization as a Canadian federal non-profit corporation and is ready for public interaction," the press release began, going on to explain:

"The OpenBSD Foundation has been formed for the purpose of supporting the OpenBSD project, and related projects such as OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. In particular it will act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD in any way.

"The OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms."

Theo de Raadt [interview] described an active effort by OpenBSD developers to work around "serious bugs in Intel's Core 2 cpu". He went on to explain, "these processors are buggy as hell, and some of these bugs don't just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code. As is typical, BIOS vendors will be very late providing workarounds / fixes for these processors bugs. Some bugs are unfixable and cannot be worked around. Intel only provides detailed fixes to BIOS vendors and large operating system groups. Open Source operating systems are largely left in the cold." He provided a link to the full errata (in PDF format) as well as a graphical overview, summarizing:

"Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us. Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware. Now Intel is telling people to manage the MMU's TLB flushes in a new and different way. Yet even if we do so, some of the errata listed are unaffected by doing so.

As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are."