Constantine Murenin offered a history of the OpenBSD hardware sensors framework during his talk at BSDCan 2008, describing how it was originally based on a port from NetBSD, then evolved and was eventually ported to all the BSDs. He also discussed his own involvement with the framework, having ported it from OpenBSD to FreeBSD as a Summer of Code project, and how his port was merged into DragonFly BSD. At the end of the talk, there were some interesting ecxhanges between Constantine and Poul-Henning Kamp, the latter explaining why he'd had the code backed out of FreeBSD and why he continues to oppose it being merged back in.
"The OpenBSD Foundation is pleased to announce that it has completed arrangements with the University of Alberta in Edmonton to host the 2008 Annual OpenBSD Developer's Conference (C2K8 Hackathon) from June 7 to June 15, 2008," stated an announcement by the OpenBSD Foundation, continuing:
"The facility support from the University of Alberta Computer Science Department will provide C2K8 the best facilities yet for the annual OpenBSD Developer Conference. C2K8 will be the 10th annual event of its kind. Previous hackathons have produced tools such as the PF firewall, OpenBGP, relayd and spamd, as well as innumerable critical improvements to OpenBSD, OpenSSH, and related projects.
"This year, the OpenBSD Foundation will disburse approximately $15,000 to support C2K8, enabling more than 50 OpenBSD developers from around the world to attend this important event. The Foundation thanks all who have generously donated the resources to make C2K8 possible."
"We are pleased to announce the official release of OpenBSD 4.3," began OpenBSD creator Theo de Raadt. "This is our 23rd release on CD-ROM (and 24th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." He added, "as in our previous releases, 4.3 provides significant improvements, including new features, in nearly all areas of the system". Four platforms were listed as new or extended, including: sparc64 gained SMP support, "this should work on all supported systems, with the exception of the Sun Enterprise 10000"; hppa K-class servers are now supported; mvme88k gained SMP support on a couple of systems, and support for the 88110 processor was added. Numerous drivers were listed as new or improved, including a huge list of network drivers:
"The bge(4) driver now supports BCM5906/BCM5906M 10/100 and BCM5755 10/100/Gigabit Ethernet devices; the cas(4) driver now supports Cassini+ 10/100/Gigabit Ethernet devices; the em(4) driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet devices; the gem(4) driver now supports the onboard 1000base-SX interface on the Sun Fire V880 server; the ixgb(4) driver now supports the Sun 10Gb PCI-X Ethernet devices; the msk(4) driver now supports Yukon FE+ 10/100 and Yukon Supreme 10/100/Gigabit Ethernet devices; the nfe(4) driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit Ethernet devices; the ral(4) driver now supports RT2800 based wireless network devices; the cmpci(4) driver now supports CMI8768 based audio adapters; the it(4) driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and SiS SiS950 ICs; new bwi(4) driver for the Broadcom AirForce IEEE 802.11b/g wireless network device; new et(4) driver for the Agere/LSI ET1310 10/100/Gigabit Ethernet device; new etphy(4) driver for the Agere/LSI ET1011 TruePHY Gigabit Ethernet PHY; new iwn(4) driver for the Intel Wireless WiFi Link 4965AGN IEEE 802.11a/b/g/Draft-N wireless network device; new upgt(4) driver for the Conexant/Intersil PrismGT SoftMAC USB IEEE 802.11b/g wireless network device."
A more complete list of changes can be found here. ONLamp also recently posted an interview titled, "Puffy and the Cryptonauts: What's New in OpenBSD 4.3". Theo noted, "profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now."
"Twice a year I get to release the song & lyrics, and write a little commentary on something the project dealt with other [than] the release. Hope you guys enjoy," said OpenBSD creator Theo de Raadt, including a link to the latest OpenBSD song. The OpenBSD project maintains a six month release cycle, with the upcoming 4.3 release officially scheduled for May 1st, 2008. Each release includes a song relevant to issues faced by the project during the past six months. The song for the upcoming 4.3 release is titled, "Home to Hypocrisy", with scathing references to some recent postings on the OpenBSD -misc mailing list by Free Software Foundation creator Richard Stallman. In his commentary, Theo explained, "we release our software in ways that are maximally free. We remove all restrictions on use and distribution, but leave a requirement to be known as the authors." He continued, describing the recent confrontation on the OpenBSD -misc mailing list:
"We have a development sub-tree called 'ports'. Our 'ports' tree builds software that is 'found on the net' into packages that OpenBSD users can use more easily. A scaffold of Makefiles and scripts automatically fetch these pieces of software, apply patches as required by OpenBSD, and then build them into nice neat little tarballs. [...] Richard felt that this 'ports tree' of ours made OpenBSD non-free. He came to our mailing lists and lectured to us specifically, yet he said nothing to the many other vendors who do the same; many of them donate to the FSF and perhaps that has something to do with it. Meanwhile, Richard has personally made sure that all the official GNU software -- including Emacs -- compiles and runs on Windows.
"That man is a false leader. He is a hypocrite. There may be some people who listen to him. But we don't listen to people who do not follow their own stupid rules."
GNU Project and Free Software Foundation founder Richard Stallman posted a message on the OpenBSD -misc mailing list titled, "real men don't attack straw men", suggesting that some comments he had made were being misrepresented. He noted, "one question particularly relevant for this list is why I don't recommend OpenBSD. It is not about what the system allows. (Any general purpose system allows doing anything at all.) It is about what the system suggests to the user." He went on to note that though he knew of no non-free software included in the base OpenBSD system, there was non-free software distributed via the ports collection, "if a collection of software contains (or suggests installation of) some non-free program, I do not recommend it."
In the email, RMS added that he was unsure whether or not OpenBSD includes any non-free firmware blobs. It was pointed out that OpenBSD is known for being explicity focused on not shipping blobs. As for binary firmware, Reyk Floeter explained, "there is a major difference between binary blobs and firmware images; the blobs are loaded as code into the OS kernel, but the firmware runs directly on the device on crappy embedded micro CPUs." Reyk is the author of the reverse engineered ar5k HAL OpenBSD uses to support the Atheros wireless chipset, which was recently adopted by the Linux-based MadWifi project in their ath5k driver. Reyk added, "I'm clearly against binary blobs in the kernel, and in contrast to most of the GNU/Linux dudes I _did_ some against it by writing ar5k, instead of pointing into the wrong direction. This open firmware discussion is just a joke to make the relevant discussion, binary blobs in the OS kernel, irrelevant." Marco Peereboom added, "OpenBSD is by far the most free OS in the landscape. Everything that ships with it is free or else it won't be distributed with it. There is not a single open source OS out there that is more careful than OpenBSD on licensing, copyrights and frivolous patents."
"We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install," Theo de Raadt announced. In addition to a lengthy list of new features and improvements, the release announcement includes a dedication:
"We dedicate this release to the memory of long-time developer Jun-ichiro 'itojun' Itoh Hagino, who focused his life on IPv6 deployment for everyone. Without his BSD and IETF participation, IPv6 would not be where it is today. Only now people are becoming aware of his numerous contributions because he took credit for much less than he accomplished. The developers in our project will all miss him."
"With great sadness, I regret to inform you that Itojun will not be presenting his great knowledge of IPv6 at PacSec. I have been informed by several sources that he passed away yesterday," Dragos Ruiu announced the unhappy news on the OpenBSD -misc mailing list. He noted, "funeral services will be held on Nov 7th at Rinkai-Saijo in Tokyo. There aren't many details of his passing, so please let his family and relatives mourn in peace for now." Dragos offered the following words about Itojun:
"I knew Itojun as one of the smartest and kindest persons I have ever met. He helped everyone around him. He graciously hosted and assisted many foreigners new to Japan at the PacSec conferences, and was a good friend to all. He would go to extraordinary lengths to help anyone around him. We will all miss him - and his work on IPv6 will continue to help us for a long time.."
"If you knew or respected him, he would have wanted any energy you put towards grief to be spent on speeding the adoption and the robustness of the version 6 internet to which he devoted so much of his extraordinary life to."
A thread on the OpenBSD -misc mailing list began by discussing whether or not XEN had been ported to OpenBSD, "is it planned at some point to release a paravirtualized xen kernel for OpenBSD 4.3 or 4.4?" Later in the discussion it was suggested that virtualization should be a priority for security reasons, "virtualization seems to have a lot of security benefits." OpenBSD creator Theo de Raadt strongly disagreed with this assertion, "you've been smoking something really mind altering, and I think you should share it." He went on to describe virtualization as "something on the shelf, [which] has all sorts of pretty colours, and you've bought it", explaining:
"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."
Later in the thread, Theo went on to note, "if the actual hardware let us do more isolation than we do today, we would actually do it in our operating system. The problem is the hardware DOES NOT actually give us more isolation abilities, therefore the VM does not actually do anything what the say they do." He then suggested that companies marketing virtualization should soften their claims to something supportable, such as, "yes, it [increases] hardware utilization, and the nasty security impact might be low".
"People who had problems with unsupported Atheros devices (single chip variants found in recent laptops, macbooks, etc.) should get the latest code from CVS and test it..." OpenBSD Reyk Floeter announced regarding recent improvements to his reverse engineered HAL adding support for 11b mode. He noted that the new code wasn't without fault yet, adding, "hacked and tested in the Melbourne Museum during the AUUG 2007..." Reyk explained the changes in his commit message:
"The newer single chip Atheros wireless chipsets like the AR5424, AR2423 etc. are mostly compatible to the AR5212 but use a different algorithm to set the 2GHz RF channel, that's why they didn't work in OpenBSD. I figured out that the channels were set with an offset, setting channel 11 in the driver caused the hardware to set channel 5 etc. Because I didn't figure out the pattern to fix the algoritm yet, I fixed it in a workaroundish way by defining a small 'table' with offsets for the 11b channels to get the right results. For example, if we want to set channel 11 (2462MHz), we add an offset of -30MHz, and feed the result (2432MHz ^= channel 5) into the unmodified AR5212/AR5112 RF setup function.
"Long description for a commit message, but it needed some time to figure it out. It is still not perfect, needs some more work, and it doesn't work in all cases; but it allows to use newer chipsets in 11b mode restricted to 1 or to 2Mbit/s. 11a mode seems to work without problems so far."
The OpenBSD project maintains a six month release cycle, with the upcoming 4.2 release officially scheduled for November 1'st. Each release includes a song relevant to current issues faced by the project. For this release the song is titled "100001 1010101", about which OpenBSD creator Theo de Raadt notes, "it is designed to sound like a mid-era Rush song, ie. something from Grace Under Pressure or such. And there's a few easter eggs hidden in the song as well. It also explains the inside sleeve image..." The referenced image shows a marathon between some of the different operating system mascots, running a a race through often hostile looking surroundings, fraught with distractions. Toward the bottom is an obvious reference to the recent issue of relicensing BSD code under the GPL, in which Puffy, the OpenBSD mascot, shows a map to Tux, the Linux mascot, and the latter takes off with it. The OpenBSD lyrics page explains that BSD code is shared with all, even non-open-sourced projects who respect the license and frequently return code, "we fully admit that some BSD licensed software has been taken and used by many commercial entities, but contributions come back more often than people seem to know, and when they do, they're always still properly attributed to the original authors, and given back in the same spirit that they were given in the first place." Theo noted, "that's the best we can expect from companies," going on to add, "but we can expect more from projects who talk about sharing -- such as the various Linux projects." He explained:
"Now rather than seeing us as friends who can cooperatively improve all codebases, we are seen as foes who oppose the GPL. The participants of "the race" are being manipulated by the FSF and their legal arm, the SFLC, for the FSF's aims, rather than the goal of getting good source into Linux (and all other code bases). We don't want this to come off as some conspiracy theory, but we simply urge those developers caution -- they should ensure that the path they are being shown by those who have positioned themselves as leaders is still true. Run for yourself, not for their agenda.
"The Race is there to be run, for ourselves, not for others. We do what we do to run our own race, and finish it the best we can. We don't rush off at every distraction, or worry how this will affect our image. We are here to have fun doing right."
A thread on the OpenBSD-misc mailing list compared the security of SELinux in the 2.6 Linux kernel to what's available in OpenBSD. The general opinion was that SELinux and its policy language are too complex, leading Damien Miller to note, "every medium to large Linux deployment that I am aware off has switched SELinux off. Once you stray from the default configurations that the system distributors ship with, the default policies no longer work and things start to break." Ted Unangst summarized, "the problem with security by policy is that the policy is always wrong."
Darrin Chandler suggested, "security should not be grafted on, it should be integrated into the main development process. I'm sure the patch maintainers are doing their best, but this doesn't change the fundamental flaw in the process. It's not a flaw of their making, it's inherent in the situation. But it's still a flaw." It was pointed out again that SELinux is part of the 2.6 kernel via LSM, to which Jason Dixon noted, "SELinux is a button. Buttons are easy to turn off. Darrin went on to say, "compare that to a complete operating system (OpenBSD) where security is part of code quality, and part of the normal mainline development." The security features in OpenBSD that were then discussed included propolice stack protection, random library mappings, proactive privilege separation, W^X, and systrace.
"Reyk and I have decided to show something from the private handling of this Atheros copyright violation issue," OpenBSD creator Theo de Raadt began in a posting to the OpenBSD -misc mailing list referring to the recent relicensing of OpenBSD's BSD licensed Atheros driver under the GPL. He noted, "it has been like pulling teeth since (most) Linux wireless guys and the SFLC do not wish to admit fault. I think that the Linux wireless guys should really think hard about this problem, how they look, and the legal risks they place upon the future of their source code bodies." He stressed that the theory that BSD code can simply be relicensed to the GPL without making significant changes to the code is false, adding, "in their zeal to get the code under their own license, some of these Linux wireless developers have broken copyright law repeatedly. But to even get to the point where they broke copyright law, they had to bypass a whole series of ethical considerations too." Theo went on to explain:
"I believe these people have received bogus advice from Eben Moglen regarding how copyright law actually works in a global setting. Perhaps the internationally based developers should rethink their approach of taking advice from a US-based lawyer who apparently knows nothing about the Berne Convention. Furthermore, those developers are getting advice freely from ex-FSF people who have formed an agency with an agenda. Some have suggested that the SFLC was formed to avoid smearing the FSF with dirt whenever the SFLC does something risky. Don't get trampled; there could be penalties besides looking unethical and guilty. Be really cautious, especially with things like this coming to mess with our communities."
During the continuing debates regarding the legality and fairness of re-licensing BSD licensed code, it was asked why the BSD license couldn't be extracted from Windows applications known to include BSD licensed code. OpenBSD creator Theo de Raadt explained, "what you ran strings on is not 'source code'. It was the binary," pointing to the first clause of the BSD license used by the code in question which says, "
redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer." He then quoted the second clause of the BSD license, "
redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution," and added, "if you take your Microsoft documentation, and dig really deep, you will find the whole notice copied into it there. Go ahead, you'll find it."
Theo continued, explaining that earlier versions of the BSD license used in OpenBSD and other BSD projects still had the advertising clause which required all advertising materials for products using their code to include a notice stating, "
this product includes software developed by the University of California, Berkeley and its contributors." He added, "and.. once again, older copies of Windows DID follow that rule, too, just like Sun and everyone else," noting that one exception was AT&T and the Unix System Laboratories, "who included modified BSD manuals in their Unixware commercial distributions, and that mistake resulted in USL losing the USL v BSDI & University of California lawsuit. (I have simplified the situation, s/losing/settling at a serious loss/)."
OpenBSD project creator Theo de Raadt detailed his concerns regarding BSD-licensed code and Dual-BSD/GPL-licensed code being re-licensed under only the GPL as previously discussed here, "honestly, I was greatly troubled by the situation, because even people like Alan Cox were giving other Linux developers advice to ... break the law. And furthermore, there are even greater potential risks for how the various communities interact." He went on to add:
"It may seem that the licenses let one _distribute_ it under either license, but this interpretation of the license is false -- it is still illegal to break up, cut up, or modify someone else's legal document, and, it cannot be replaced by another license because it may not be removed. Hence, a dual licensed file always remains dual licensed, every time it is distributed."
Theo then talked about cases where a significant amount of code is added or changed, "if you add 'large pieces of originality' to the code which are valid for copyright protection on their own, you may choose to put a different and separate (must be non-conflicting...) license at the top of the file above the existing license." He then suggested, "if you wish for everyone to remain friends, you should give code back. That means (at some ethical or friendliness level) you probably do not want to put a GPL at the top of a BSD or ISC file, because you would be telling the people who wrote the BSD or ISC file, 'thanks for what you wrote, but this is a one-way street, you give us code, and we take it, we give you you nothing back.'"
OpenBSD creator Theo de Raadt highlighted a recent commit to the NetBSD source tree saying, "if anyone had any doubt that our insistence on freedom was important, just read this." The referenced commit message describes an effort to work around issues with a blob that is included with NetBSD, something strongly avoided by the OpenBSD project. The commit message states:
"The Atheros HAL on MIPS uses %s7 as a general purpose register, but the rest of the kernel uses it to store the value of curlwp. Sam won't recompile the HAL for us (fair enough), and we can't modify the HAL to use another register because doing so could put us in breach of the license (v. crappy). So, do a save/set/restore on %s7 in KernIntr() and in the stubs that the HAL uses to call back into the kernel.
"Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files."